Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1560507
MD5:	f74588fc6a3342296cbb881d87c17300
SHA1:	de5fccb795f1c2e639e3c48a1e333ac5ae2d45ea
SHA256:	8d9631d40e85203e942106de4530e9ae857849d6a5e38126f338a816b37d461c
Tags:	exeuser-Bitsight
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption

Multi AV Scanner detection for submitted file

Yara detected Telegram RAT

AI detected suspicious sample

Found pyInstaller with non standard icon

Maps a DLL or memory area into another process

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)

Query firmware table information (likely to detect VMs)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal browser information (history, passwords, etc)

Uses the Telegram API (likely for C&C communication)

AV process strings found (often used to terminate AV products)

Binary contains a suspicious time stamp

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to detect virtual machines (SGDT)

Contains functionality to query CPU information (cpuid)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found evasive API chain checking for process token information

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Installs a global mouse hook

JA3 SSL client fingerprint seen in connection with other malware

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Browser Started with Remote Debugging

Sigma detected: Execution of Suspicious File Type Extension

Spawns drivers

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Classification

Process Tree

System is w10x64

file.exe (PID: 2992 cmdline: "C:\Users\user\Desktop\file.exe" MD5: F74588FC6A3342296CBB881D87C17300)

file.exe (PID: 2108 cmdline: "C:\Users\user\Desktop\file.exe" MD5: F74588FC6A3342296CBB881D87C17300)

cmd.exe (PID: 5804 cmdline: C:\Windows\system32\cmd.exe /c "dxdiag /t C:\Users\user\AppData\Local\Bunny\Info.txt" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 1720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

dxdiag.exe (PID: 340 cmdline: dxdiag /t C:\Users\user\AppData\Local\Bunny\Info.txt MD5: 19AB5AD061BF013EBD012D0682DF37E5)

taskkill.exe (PID: 772 cmdline: taskkill /F /IM chrome.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

conhost.exe (PID: 928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chrome.exe (PID: 5448 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7220 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=1980 --field-trial-handle=1928,i,10138963520009945514,5208888711942787013,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

taskkill.exe (PID: 7940 cmdline: taskkill /F /IM msedge.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

conhost.exe (PID: 7952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

msedge.exe (PID: 8004 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 2488 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2024 --field-trial-handle=1932,i,6186283230393300826,18104412640596963689,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

mstee.sys (PID: 4 cmdline: MD5: 244C73253E165582DDC43AF4467D23DF)

mskssrv.sys (PID: 4 cmdline: MD5: 26854C1F5500455757BC00365CEF9483)

msedge.exe (PID: 7800 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8304 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2056 --field-trial-handle=1976,i,1455327040868021554,2898897310355900998,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8328 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --no-sandbox --mojo-platform-channel-handle=5308 --field-trial-handle=1976,i,1455327040868021554,2898897310355900998,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8544 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --no-sandbox --onnx-enabled-for-ee --mojo-platform-channel-handle=5412 --field-trial-handle=1976,i,1455327040868021554,2898897310355900998,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

identity_helper.exe (PID: 7024 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=5760 --field-trial-handle=1976,i,1455327040868021554,2898897310355900998,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)

identity_helper.exe (PID: 7120 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=5760 --field-trial-handle=1976,i,1455327040868021554,2898897310355900998,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)

msedge.exe (PID: 7700 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --no-sandbox --message-loop-type-ui --mojo-platform-channel-handle=2540 --field-trial-handle=1976,i,1455327040868021554,2898897310355900998,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000001.00000003.1717288320.00000214FFC64000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000001.00000003.1717864531.00000214FFC84000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
Process Memory Space: file.exe PID: 2108	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security

Sigma Signatures

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox, CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox, CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 2108, ParentProcessName: file.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox, ProcessId: 5448, ProcessName: chrome.exe

Sigma detected: Execution of Suspicious File Type Extension

Source: Process started

Author: Max Altgelt (Nextron Systems): Data: Command: , CommandLine: , CommandLine|base64offset|contains: , Image: C:\Windows\System32\drivers\mstee.sys, NewProcessName: C:\Windows\System32\drivers\mstee.sys, OriginalFileName: C:\Windows\System32\drivers\mstee.sys, ParentCommandLine: , ParentImage: , ParentProcessId: -1, ProcessCommandLine: , ProcessId: 4, ProcessName: mstee.sys

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 13%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.9% probability

Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013CCD30 CRYPTO_free,CRYPTO_free,CRYPTO_free_ex_data,OPENSSL_LH_free,X509_STORE_free,CTLOG_STORE_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_secure_free,EVP_MD_get0_provider,EVP_MD_free,EVP_MD_get0_provider,EVP_MD_free,EVP_CIPHER_get0_provider,EVP_CIPHER_free,EVP_MD_get0_provider,EVP_MD_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,CRYPTO_free,	1_2_00007FFE013CCD30
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013F8E90 CRYPTO_malloc,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,	1_2_00007FFE013F8E90
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013FE190 CRYPTO_free,	1_2_00007FFE013FE190
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B19DD BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,CRYPTO_free,CRYPTO_strdup,	1_2_00007FFE013B19DD
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B15E6 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,memcpy,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,	1_2_00007FFE013B15E6
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1F55 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,	1_2_00007FFE013B1F55
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013FE200 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,	1_2_00007FFE013FE200
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1389 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,	1_2_00007FFE013B1389
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B2527 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,	1_2_00007FFE013B2527
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013CC080 CRYPTO_free,CRYPTO_memdup,	1_2_00007FFE013CC080
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013BE0AD ERR_set_debug,CRYPTO_free,CRYPTO_strdup,ERR_new,	1_2_00007FFE013BE0AD
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013D20A0 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,	1_2_00007FFE013D20A0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE014100A0 CRYPTO_free,CRYPTO_memdup,	1_2_00007FFE014100A0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B23EC CRYPTO_free,CRYPTO_memdup,	1_2_00007FFE013B23EC
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B4100 CRYPTO_free,	1_2_00007FFE013B4100
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE014080C0 CRYPTO_memdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,CRYPTO_free,	1_2_00007FFE014080C0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1361 CRYPTO_malloc,EVP_PKEY_set_type,EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_CTX_free,ERR_pop_to_mark,CRYPTO_free,EVP_PKEY_free,	1_2_00007FFE013B1361
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE01408390 CRYPTO_free,CRYPTO_free,CRYPTO_free,	1_2_00007FFE01408390
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1D93 EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_free,CRYPTO_zalloc,EVP_MAC_CTX_free,EVP_MAC_free,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MAC_fetch,EVP_MAC_CTX_new,EVP_MAC_free,EVP_CIPHER_CTX_new,EVP_CIPHER_fetch,OSSL_PARAM_construct_utf8_string,OSSL_PARAM_construct_end,EVP_MAC_init,EVP_DecryptInit_ex,EVP_CIPHER_free,EVP_CIPHER_free,EVP_CIPHER_free,EVP_MAC_CTX_get_mac_size,EVP_CIPHER_CTX_get_iv_length,EVP_MAC_final,CRYPTO_memcmp,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,memcpy,ERR_clear_error,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MAC_CTX_free,CRYPTO_free,	1_2_00007FFE013B1D93
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1B31 CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,	1_2_00007FFE013B1B31
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013C2360 CRYPTO_THREAD_run_once,	1_2_00007FFE013C2360
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B23DD EVP_MD_get_size,EVP_CIPHER_get_iv_length,EVP_CIPHER_get_key_length,CRYPTO_clear_free,CRYPTO_malloc,ERR_new,ERR_set_debug,	1_2_00007FFE013B23DD
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013D2410 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_dup,X509_VERIFY_PARAM_new,X509_VERIFY_PARAM_inherit,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_malloc,memcpy,CRYPTO_new_ex_data,	1_2_00007FFE013D2410
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013CE427 CRYPTO_THREAD_write_lock,	1_2_00007FFE013CE427
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE0141A3D0 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,	1_2_00007FFE0141A3D0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE014143C0 EVP_MD_CTX_new,EVP_DigestInit,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_MD_CTX_free,CRYPTO_malloc,EVP_PKEY_CTX_ctrl,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,CRYPTO_clear_free,ERR_new,ERR_set_debug,	1_2_00007FFE014143C0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B4300 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,	1_2_00007FFE013B4300
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE01410330 CRYPTO_free,CRYPTO_strndup,	1_2_00007FFE01410330
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1488 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,	1_2_00007FFE013B1488
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B85A0 CRYPTO_zalloc,CRYPTO_free,	1_2_00007FFE013B85A0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE01426550 CRYPTO_memcmp,	1_2_00007FFE01426550
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B24CD CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,	1_2_00007FFE013B24CD
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE01408620 CRYPTO_memcmp,	1_2_00007FFE01408620
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013D05E0 X509_VERIFY_PARAM_free,CRYPTO_free_ex_data,BIO_pop,BIO_free,BIO_free_all,BIO_free_all,BUF_MEM_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,SCT_LIST_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,EVP_MD_CTX_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,ASYNC_WAIT_CTX_free,CRYPTO_free,OPENSSL_sk_free,CRYPTO_THREAD_lock_free,CRYPTO_free,	1_2_00007FFE013D05E0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B18B6 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,	1_2_00007FFE013B18B6
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013E4490 CRYPTO_realloc,memcpy,ERR_new,ERR_set_debug,ERR_set_error,	1_2_00007FFE013E4490
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B26E4 BIO_s_file,BIO_new,ERR_new,ERR_set_debug,BIO_ctrl,ERR_new,ERR_set_debug,strncmp,ERR_new,ERR_set_debug,strncmp,CRYPTO_realloc,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,PEM_read_bio,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,BIO_free,	1_2_00007FFE013B26E4
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B198D CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,	1_2_00007FFE013B198D
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1AC3 CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,	1_2_00007FFE013B1AC3
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013C4530 OPENSSL_sk_num,X509_STORE_CTX_new_ex,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_value,X509_STORE_CTX_init,ERR_new,ERR_set_debug,ERR_set_error,X509_STORE_CTX_free,X509_STORE_CTX_set_flags,CRYPTO_THREAD_run_once,X509_STORE_CTX_set_ex_data,OPENSSL_sk_num,X509_STORE_CTX_set0_dane,X509_STORE_CTX_set_default,X509_VERIFY_PARAM_set1,X509_STORE_CTX_set_verify_cb,X509_verify_cert,X509_STORE_CTX_get_error,OPENSSL_sk_pop_free,X509_STORE_CTX_get0_chain,X509_STORE_CTX_get1_chain,ERR_new,ERR_set_debug,ERR_set_error,X509_VERIFY_PARAM_move_peername,X509_STORE_CTX_free,	1_2_00007FFE013C4530
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1ACD ERR_new,ERR_set_debug,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,memcpy,ERR_new,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,	1_2_00007FFE013B1ACD
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013FE781 CRYPTO_free,CRYPTO_free,	1_2_00007FFE013FE781
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1401 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,	1_2_00007FFE013B1401
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B16A4 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,	1_2_00007FFE013B16A4
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1F3C CRYPTO_malloc,ERR_new,ERR_set_debug,	1_2_00007FFE013B1F3C
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B2423 CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,	1_2_00007FFE013B2423
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1F28 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,	1_2_00007FFE013B1F28
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1CA3 CRYPTO_strdup,CRYPTO_free,	1_2_00007FFE013B1CA3
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B25F4 CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,memcpy,memcmp,memcmp,memcmp,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_clear_free,	1_2_00007FFE013B25F4
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013F26B0 ERR_new,ERR_set_debug,BN_num_bits,CRYPTO_malloc,ERR_new,ERR_set_debug,BN_bn2bin,ERR_new,ERR_set_debug,BN_clear_free,BN_clear_free,CRYPTO_clear_free,ERR_new,ERR_set_debug,BN_clear_free,BN_clear_free,BN_clear_free,	1_2_00007FFE013F26B0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE01416650 EVP_CIPHER_CTX_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,	1_2_00007FFE01416650
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B13D9 OPENSSL_sk_new_null,ERR_new,ERR_set_debug,X509_new_ex,d2i_X509,CRYPTO_free,OPENSSL_sk_push,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_pop_free,	1_2_00007FFE013B13D9
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1212 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,	1_2_00007FFE013B1212
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B162C EVP_MD_CTX_new,ERR_new,ERR_set_debug,ERR_new,EVP_MD_get0_name,EVP_DigestSignInit_ex,ERR_new,ERR_set_debug,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_DigestSignUpdate,EVP_DigestSignFinal,CRYPTO_malloc,EVP_DigestSignFinal,ERR_new,ERR_new,EVP_DigestSign,ERR_new,CRYPTO_malloc,EVP_DigestSign,BUF_reverse,ERR_new,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_MD_CTX_free,	1_2_00007FFE013B162C
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013F4660 CRYPTO_malloc,memset,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,	1_2_00007FFE013F4660
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B103C CRYPTO_malloc,COMP_expand_block,	1_2_00007FFE013B103C
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013FE700 CRYPTO_free,	1_2_00007FFE013FE700
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B120D EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memset,	1_2_00007FFE013B120D
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013CA6D0 CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,	1_2_00007FFE013CA6D0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013C4990 i2d_X509_NAME,i2d_X509_NAME,memcmp,CRYPTO_free,CRYPTO_free,	1_2_00007FFE013C4990
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1893 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_strdup,ERR_new,ERR_set_debug,	1_2_00007FFE013B1893
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1EE2 CRYPTO_free,CRYPTO_strndup,CRYPTO_free,OPENSSL_cleanse,_time64,memcpy,EVP_MD_get0_name,EVP_MD_is_a,ERR_new,ERR_set_debug,OPENSSL_cleanse,ERR_new,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,	1_2_00007FFE013B1EE2
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B2185 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,	1_2_00007FFE013B2185
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B204F CRYPTO_free,CRYPTO_malloc,ERR_new,RAND_bytes_ex,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,	1_2_00007FFE013B204F
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B17DF ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,	1_2_00007FFE013B17DF
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE014089F0 CRYPTO_free,CRYPTO_memdup,	1_2_00007FFE014089F0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B24EB CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,	1_2_00007FFE013B24EB
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE01428870 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_free,OPENSSL_sk_dup,OPENSSL_sk_free,OPENSSL_sk_dup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_free,ERR_new,ERR_set_debug,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,	1_2_00007FFE01428870
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE01414860 ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_free,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,OPENSSL_cleanse,OPENSSL_cleanse,CRYPTO_clear_free,CRYPTO_clear_free,	1_2_00007FFE01414860
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B139D memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,	1_2_00007FFE013B139D
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013FE920 CRYPTO_free,	1_2_00007FFE013FE920
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013C4930 CRYPTO_get_ex_new_index,	1_2_00007FFE013C4930
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013FE8C0 CRYPTO_free,	1_2_00007FFE013FE8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B26B2 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,	1_2_00007FFE013B26B2
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE0142A8F0 EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,EVP_PKEY_decrypt_init,ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_clear_error,ASN1_item_d2i,ASN1_TYPE_get,ERR_new,ERR_set_debug,EVP_PKEY_decrypt,ERR_new,EVP_PKEY_CTX_ctrl,ERR_new,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,ASN1_item_free,	1_2_00007FFE0142A8F0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE0141C8E0 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,	1_2_00007FFE0141C8E0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013CEB48 CRYPTO_free,	1_2_00007FFE013CEB48
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1A0F ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_get0_cipher,EVP_CIPHER_get_flags,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_get0_md,EVP_MD_get_size,CRYPTO_memcmp,ERR_set_mark,ERR_clear_last_mark,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_pop_to_mark,ERR_clear_last_mark,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,EVP_MD_CTX_get0_md,CRYPTO_memcmp,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,strncmp,strncmp,strncmp,strncmp,strncmp,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,	1_2_00007FFE013B1A0F
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B4C00 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,	1_2_00007FFE013B4C00
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013FEC10 CRYPTO_free,	1_2_00007FFE013FEC10
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1AB4 CRYPTO_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,	1_2_00007FFE013B1AB4
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1A05 ERR_new,ERR_set_debug,ERR_set_error,ASN1_item_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,_time64,X509_free,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,ASN1_item_free,	1_2_00007FFE013B1A05
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1492 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,	1_2_00007FFE013B1492
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013F2A50 SRP_Calc_u_ex,BN_num_bits,CRYPTO_malloc,ERR_new,ERR_set_debug,BN_bn2bin,BN_clear_free,BN_clear_free,	1_2_00007FFE013F2A50
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B114F CRYPTO_free,ERR_new,ERR_set_debug,	1_2_00007FFE013B114F
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013DEB10 CRYPTO_THREAD_write_lock,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,	1_2_00007FFE013DEB10
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1460 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_snprintf,	1_2_00007FFE013B1460
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013C6B20 CRYPTO_THREAD_run_once,OPENSSL_sk_find,OPENSSL_sk_value,EVP_CIPHER_fetch,EVP_CIPHER_get_flags,	1_2_00007FFE013C6B20
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B4B30 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,	1_2_00007FFE013B4B30
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B222F ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,	1_2_00007FFE013B222F
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013F8D40 OPENSSL_cleanse,CRYPTO_free,	1_2_00007FFE013F8D40
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1CBC EVP_MD_get_size,ERR_new,ERR_set_debug,RAND_bytes_ex,ERR_new,ERR_set_debug,_time64,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,	1_2_00007FFE013B1CBC
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1B54 memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,memcmp,EVP_CIPHER_CTX_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,memcmp,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,	1_2_00007FFE013B1B54
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013CEDC1 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,BUF_MEM_free,EVP_MD_CTX_free,X509_free,X509_VERIFY_PARAM_move_peername,CRYPTO_free,	1_2_00007FFE013CEDC1
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013CEDC1 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,BUF_MEM_free,EVP_MD_CTX_free,X509_free,X509_VERIFY_PARAM_move_peername,CRYPTO_free,	1_2_00007FFE013CEDC1
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1771 CRYPTO_free,	1_2_00007FFE013B1771
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1811 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,	1_2_00007FFE013B1811
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013F8C80 CRYPTO_free,	1_2_00007FFE013F8C80
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B22D9 CRYPTO_malloc,CONF_parse_list,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,	1_2_00007FFE013B22D9
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE01408CA0 CRYPTO_free,CRYPTO_strndup,	1_2_00007FFE01408CA0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B257C ERR_new,ERR_set_debug,CRYPTO_free,BIO_clear_flags,BIO_set_flags,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,OPENSSL_cleanse,	1_2_00007FFE013B257C
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE01414C40 ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,RAND_bytes_ex,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_encrypt_init,EVP_PKEY_encrypt,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,	1_2_00007FFE01414C40
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013FEC70 CRYPTO_free,	1_2_00007FFE013FEC70
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B136B ERR_new,ERR_set_debug,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,ERR_new,ERR_set_debug,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,	1_2_00007FFE013B136B
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B20E5 CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,	1_2_00007FFE013B20E5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B2144 EVP_CIPHER_get_mode,EVP_CIPHER_get_mode,EVP_CIPHER_get_iv_length,EVP_CIPHER_get_key_length,CRYPTO_malloc,ERR_new,ERR_set_debug,	1_2_00007FFE013B2144
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B4FD0 CRYPTO_free,	1_2_00007FFE013B4FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B117C _time64,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,	1_2_00007FFE013B117C
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013BCEA0 CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,CRYPTO_free,memset,CRYPTO_free,	1_2_00007FFE013BCEA0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B17E9 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,ERR_new,CRYPTO_memdup,ERR_new,ERR_new,ERR_new,ERR_set_debug,	1_2_00007FFE013B17E9
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B236A CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,CRYPTO_free,CRYPTO_free,	1_2_00007FFE013B236A
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE01422EE0 CRYPTO_memcmp,	1_2_00007FFE01422EE0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE01411170 ERR_new,ERR_set_debug,CRYPTO_clear_free,	1_2_00007FFE01411170
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013BF160 CRYPTO_free,CRYPTO_memdup,	1_2_00007FFE013BF160
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013DD170 CRYPTO_THREAD_write_lock,OPENSSL_sk_new_null,OPENSSL_LH_delete,OPENSSL_sk_push,OPENSSL_LH_set_down_load,CRYPTO_THREAD_unlock,OPENSSL_sk_pop_free,	1_2_00007FFE013DD170
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013BD227 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,	1_2_00007FFE013BD227
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE01417230 CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,	1_2_00007FFE01417230
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1A23 BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,CRYPTO_strdup,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,	1_2_00007FFE013B1A23
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013D9080 CRYPTO_free,EVP_PKEY_free,CRYPTO_free,	1_2_00007FFE013D9080
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013F30A0 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,	1_2_00007FFE013F30A0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B14CE CRYPTO_free,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,	1_2_00007FFE013B14CE
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B21DF CRYPTO_memcmp,	1_2_00007FFE013B21DF
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B2117 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,	1_2_00007FFE013B2117
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE0142B070 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_memdup,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,	1_2_00007FFE0142B070
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE01415070 BN_num_bits,BN_bn2bin,CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,	1_2_00007FFE01415070
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013DF070 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,_time64,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_new_ex_data,CRYPTO_THREAD_lock_free,ERR_new,ERR_set_debug,memcpy,	1_2_00007FFE013DF070
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013F9120 CRYPTO_malloc,ERR_new,ERR_set_debug,	1_2_00007FFE013F9120
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B11A9 EVP_MAC_CTX_free,CRYPTO_free,	1_2_00007FFE013B11A9
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B2374 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,	1_2_00007FFE013B2374

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txt

Jump to behavior

Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.53.9:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49839 version: TLS 1.2

Source: file.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source:	Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: file.exe, 00000000.00000003.1698625559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2152107652.00007FFE013A7000.00000002.00000001.01000000.00000018.sdmp
Source:	Binary string: D:\a\1\b\libcrypto-3.pdb\| source: file.exe, 00000001.00000002.2149200604.00007FFDFB19A000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\a\1\b\libssl-3.pdbDD source: file.exe, 00000001.00000002.2152671744.00007FFE01435000.00000002.00000001.01000000.00000013.sdmp
Source:	Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pywintypes.pdb** source: file.exe, 00000001.00000002.2152957100.00007FFE0C0B1000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_wmi.pdb(('GCTL source: file.exe, 00000000.00000003.1689025559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2159684612.00007FFE130C4000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"OpenSSL 3.0.15 3 Sep 20243.0.15built on: Wed Sep 4 15:52:04 2024 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availableget_and_lock..\s\crypto\ex_data.cossl_crypto_get_ex_new_index_exossl_crypto_new_ex_data_exCRYPTO_dup_ex_dataCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8..\s\crypto\getenv.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificC:\Program Files\Common Files\SSLC:\Program Files\OpenSSL\lib\ossl-modules.dllCPUINFO: ..\s\crypto\init.cOPENSSL_init_cryptoOPENSSL_atexit..\s\crypto\initthread.c..\s\crypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL \|\| WITHIN_ARENA(temp->next)assertion failed: (char *)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) \|\| WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/0123456789ABCDEFCRYPTO_memdup..\s\crypto\o_str.chexstr2buf_sepossl_hexstr2buf_sepbuf2hexstr_sepossl_buf2hexstr_sep..\s\crypto\packet.cwpacket_intern_init_lenWPACKET_start_sub_packet_len__..\s\crypto\param_build.cparam_pushparam_push_numOSSL_PARAM_BLD_push_BN_padNegative big numbers are unsupported for OSSL_PARAMOSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_p
Source:	Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: file.exe, 00000000.00000003.1688385647.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: file.exe, 00000000.00000003.1687009658.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2160311288.00007FFE13314000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: file.exe, 00000001.00000002.2149200604.00007FFDFB102000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: file.exe, 00000000.00000003.1687009658.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2160311288.00007FFE13314000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: file.exe, 00000001.00000002.2151849876.00007FFDFF2C4000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: D:\a\1\b\libcrypto-3.pdb source: file.exe, 00000001.00000002.2149200604.00007FFDFB19A000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: file.exe, 00000000.00000003.1688285782.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32crypt.pdb!! source: file.exe, 00000001.00000002.2153158919.00007FFE0CFA2000.00000002.00000001.01000000.0000002B.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: file.exe, 00000000.00000003.1687157131.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2159486915.00007FFE12E15000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\select.pdb source: file.exe, 00000000.00000003.1694758534.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2158289464.00007FFE11EA3000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pywintypes.pdb source: file.exe, 00000001.00000002.2152957100.00007FFE0C0B1000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: file.exe, 00000000.00000003.1688025894.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2158792768.00007FFE120C6000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: file.exe, 00000000.00000003.1688158142.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2159238918.00007FFE126EB000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: file.exe, 00000000.00000003.1687289332.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: file.exe, 00000001.00000002.2158536684.00007FFE11ED2000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: file.exe, 00000000.00000003.1688492455.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2159032410.00007FFE126C3000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32crypt.pdb source: file.exe, 00000001.00000002.2153158919.00007FFE0CFA2000.00000002.00000001.01000000.0000002B.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: file.exe, 00000000.00000003.1688158142.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2159238918.00007FFE126EB000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: file.exe, 00000000.00000003.1687411258.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2159881473.00007FFE1320D000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: file.exe, 00000000.00000003.1689025559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2159684612.00007FFE130C4000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: file.exe, 00000000.00000003.1688573407.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2157666533.00007FFE11519000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: file.exe, 00000001.00000002.2156747532.00007FFE1030F000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\python313.pdb source: file.exe, 00000001.00000002.2150063973.00007FFDFB668000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: file.exe, 00000000.00000003.1687157131.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2159486915.00007FFE12E15000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: D:\a\1\b\libssl-3.pdb source: file.exe, 00000001.00000002.2152671744.00007FFE01435000.00000002.00000001.01000000.00000013.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: file.exe, 00000001.00000002.2156461817.00007FFE1024E000.00000002.00000001.01000000.00000012.sdmp

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF083C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	0_2_00007FF6BAF083C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF09280 FindFirstFileExW,FindClose,	0_2_00007FF6BAF09280
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF21874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00007FF6BAF21874
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF09280 FindFirstFileExW,FindClose,	1_2_00007FF6BAF09280
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF083C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	1_2_00007FF6BAF083C0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF21874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	1_2_00007FF6BAF21874

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 26MB

Networking

Uses the Telegram API (likely for C&C communication)

Source: unknown

DNS query: name: api.telegram.org

Source: Joe Sandbox View	IP Address: 20.25.227.174 20.25.227.174
Source: Joe Sandbox View	IP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox View	IP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox View	IP Address: 20.189.173.8 20.189.173.8

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.9
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.9
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.9
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.9
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.9
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.9
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.9
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.9
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.9
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.9
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.9
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.9

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=HAfoF53L47c7EP+&MD=v3okLSN6 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ArbitrationServiceSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1732828174&P2=404&P3=2&P4=KnbEqgNPcUnA8aSdEM0rHz9HBl2U5F1phLr4tg3mXV2FpVBWIZkDhYu%2fpKYLQ9gEElLxwZa1NIsFs6omlOrzLQ%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: zUE+65jNFo1e5OR/iMqCJ6Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/vendors.7e27cca6027b8d6697cb.js HTTP/1.1Host: assets2.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=HAfoF53L47c7EP+&MD=v3okLSN6 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net

Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: - https://www.facebook.com/groups/ equals www.facebook.com (Facebook)
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: d- https://www.facebook.com/groups/ equals www.facebook.com (Facebook)
Source: file.exe, 00000001.00000003.1717288320.00000214FFC64000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1717864531.00000214FFC84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: z"- https://www.facebook.com/groups/r equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: api.myip.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic	DNS traffic detected: DNS query: api.telegram.org
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic	DNS traffic detected: DNS query: assets.msn.com
Source: global traffic	DNS traffic detected: DNS query: c.msn.com
Source: global traffic	DNS traffic detected: DNS query: api.msn.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com

Source: file.exe, 00000001.00000003.2104230165.00000214FFC8D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118660997.0000021481A80000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110863930.00000214FF9A2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121671472.0000021481A9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2117528067.00000214FFC92000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107937864.00000214FFC8E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120640970.0000021481A9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120458140.0000021481A98000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103312630.00000214FFC7A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118761418.00000214FFC92000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2122323104.00000214FF9BD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2122249938.00000214FFC94000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121671472.0000021481A99000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2111847758.00000214FFC91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
Source: file.exe, 00000000.00000003.1688704118.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687289332.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.dig
Source: file.exe, 00000000.00000003.1698625559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688855381.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digi
Source: file.exe, 00000000.00000003.1690618091.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687714832.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698037961.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698625559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1691977367.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688573407.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690618091.000001F724DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688385647.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688492455.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688285782.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1691733387.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1689025559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688704118.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688025894.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688855381.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688158142.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1692299393.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1692991549.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687862228.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687289332.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687411258.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: file.exe, 00000000.00000003.1687714832.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698037961.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698625559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1691977367.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688573407.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690618091.000001F724DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688385647.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688492455.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688285782.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1691733387.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1689025559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688704118.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688025894.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688855381.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688158142.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1692299393.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1692991549.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687862228.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687289332.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687411258.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1694758534.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: file.exe, 00000000.00000003.1690618091.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687714832.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698037961.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698625559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1691977367.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688573407.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688385647.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688492455.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688285782.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1691733387.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1689025559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688704118.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688025894.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688855381.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688158142.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1692299393.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1692991549.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687862228.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687289332.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687411258.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1694758534.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: file.exe, 00000000.00000003.1690618091.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687714832.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698037961.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698625559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1691977367.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688573407.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690618091.000001F724DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688385647.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688492455.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688285782.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1691733387.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1689025559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688704118.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688025894.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688855381.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688158142.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1692299393.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1692991549.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687862228.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687289332.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687411258.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: file.exe, 00000001.00000003.2110863930.00000214FF9A2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1721247684.00000214FFB8A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110277873.00000214FFBDB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1717288320.00000214FFBD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107285500.00000214FFB8B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104762804.00000214FFB8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
Source: file.exe, 00000001.00000003.2102717771.00000214FF598000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105574677.00000214FF5CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1717951813.00000214FF5E4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107513071.00000214FF614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110467841.00000214FF624000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107003138.00000214FF60E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.activestate.com/recipes/577916/
Source: file.exe, 00000001.00000003.2109315370.00000214FF9EA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107454781.00000214FF9E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107397737.00000214FF9E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114304497.00000214FFA2B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146001431.00000214FFA4F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FF9CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105994467.00000214FF9CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114974733.00000214FFA44000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: file.exe, 00000001.00000003.2136050933.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2102717771.00000214FF598000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2117277157.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106351524.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120112192.00000214FF59E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2144706152.00000214FF5A1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146285438.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110908198.00000214FF599000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2116526106.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105385058.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: file.exe, 00000001.00000003.2110031802.00000214FFB16000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109315370.00000214FF9EA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105909756.00000214FFB13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114732194.00000214FFA0B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107454781.00000214FF9E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2126663400.00000214FFB16000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107397737.00000214FF9E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FF9CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105994467.00000214FF9CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105385058.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: file.exe, 00000001.00000003.2109315370.00000214FF9EA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107454781.00000214FF9E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107397737.00000214FF9E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114304497.00000214FFA2B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146001431.00000214FFA4F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FF9CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105994467.00000214FF9CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114974733.00000214FFA44000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: file.exe, 00000001.00000003.2109315370.00000214FF9EA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107454781.00000214FF9E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107397737.00000214FF9E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114304497.00000214FFA2B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FF9CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105994467.00000214FF9CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114974733.00000214FFA44000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crlG
Source: file.exe, 00000001.00000003.2130648026.00000214FFD22000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2147473239.00000214FFD37000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2101914863.00000214FFD22000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2136299831.00000214FFD25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: file.exe, 00000001.00000003.2112994189.00000214FFBDF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104502886.00000214FFBDD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2119048801.00000214FFBE0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110277873.00000214FFBDE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106175292.00000214FFBDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: file.exe, 00000001.00000003.2130648026.00000214FFD22000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2147473239.00000214FFD37000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2101914863.00000214FFD22000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2136299831.00000214FFD25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: file.exe, 00000001.00000003.2112994189.00000214FFBDF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104502886.00000214FFBDD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2119048801.00000214FFBE0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110277873.00000214FFBDE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106175292.00000214FFBDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: file.exe, 00000001.00000003.2130648026.00000214FFD22000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2147473239.00000214FFD37000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2101914863.00000214FFD22000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2136299831.00000214FFD25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: file.exe, 00000001.00000003.2136050933.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2117277157.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106351524.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146285438.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2116526106.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105385058.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: file.exe, 00000000.00000003.1690618091.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687714832.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698037961.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698625559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1691977367.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688573407.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690618091.000001F724DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688385647.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688492455.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688285782.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1691733387.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1689025559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688704118.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688025894.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688855381.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688158142.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1692299393.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1692991549.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687862228.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687289332.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687411258.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: file.exe, 00000000.00000003.1687714832.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698037961.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698625559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1691977367.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688573407.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690618091.000001F724DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688385647.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688492455.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688285782.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1691733387.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1689025559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688704118.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688025894.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688855381.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688158142.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1692299393.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1692991549.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687862228.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687289332.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687411258.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1694758534.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: file.exe, 00000000.00000003.1690618091.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687714832.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698037961.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698625559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1691977367.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688573407.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688385647.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688492455.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688285782.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1691733387.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1689025559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688704118.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688025894.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688855381.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688158142.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1692299393.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1692991549.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687862228.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687289332.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687411258.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1694758534.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: file.exe, 00000000.00000003.1694758534.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: file.exe, 00000000.00000003.1687714832.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698037961.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698625559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1691977367.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688573407.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690618091.000001F724DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688385647.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688492455.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688285782.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1691733387.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1689025559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688704118.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688025894.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688855381.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688158142.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1692299393.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1692991549.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687862228.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687289332.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687411258.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1694758534.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: file.exe, 00000001.00000003.2110863930.00000214FF9A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
Source: file.exe, 00000001.00000002.2139722360.0000021481A93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/80
Source: file.exe, 00000001.00000003.2118660997.0000021481A80000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120458140.0000021481A98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
Source: file.exe, 00000001.00000003.2104230165.00000214FFC8D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110863930.00000214FF9A2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2117528067.00000214FFC92000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107937864.00000214FFC8E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103312630.00000214FFC7A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118761418.00000214FFC92000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2122323104.00000214FF9BD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2122249938.00000214FFC94000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2111847758.00000214FFC91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
Source: file.exe, 00000001.00000003.2122368118.0000021481A7A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000003.2124542602.0000021481A00000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2141249438.0000021482240000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118182346.00000214FFB9D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121542767.00000214FFB9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2138700348.0000021481710000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107285500.00000214FFB8B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104762804.00000214FFB8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
Source: file.exe, 00000001.00000003.1718518630.00000214FFAB7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106351524.00000214FFAA6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105385058.00000214FFAA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFAA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2147814194.00000214FFE80000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000003.1720121317.00000214FFAB7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2127810264.00000214FFAC1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2116526106.00000214FFAC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1716455558.00000214FFABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.python.org/library/itertools.html#recipes
Source: file.exe, 00000001.00000002.2147814194.00000214FFE80000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000003.1716455558.00000214FFABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar.tar.gz
Source: file.exe, 00000001.00000002.2147814194.00000214FFE80000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000003.1716455558.00000214FFABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar.tgz
Source: file.exe, 00000001.00000003.2119974551.00000214FFA51000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109315370.00000214FF9EA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1721880040.00000214FFA49000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1720121317.00000214FFA1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1721247684.00000214FFB3F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107454781.00000214FF9E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121180025.00000214FFA54000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107397737.00000214FF9E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114304497.00000214FFA2B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FF9CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105994467.00000214FF9CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114974733.00000214FFA44000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: file.exe, 00000001.00000003.2119974551.00000214FFA51000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109315370.00000214FF9EA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1721880040.00000214FFA49000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1720121317.00000214FFA1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107454781.00000214FF9E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107397737.00000214FF9E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114304497.00000214FFA2B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FF9CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105994467.00000214FF9CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114974733.00000214FFA44000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/mail/
Source: file.exe, 00000001.00000003.1722215740.00000214FFC97000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104230165.00000214FFC8D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFB3F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2117528067.00000214FFC92000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107937864.00000214FFC8E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110578380.00000214FFB4A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2147301932.00000214FFC98000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103312630.00000214FFC7A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118761418.00000214FFC92000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1721247684.00000214FFB3F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2122249938.00000214FFC94000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2111847758.00000214FFC91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: file.exe, 00000001.00000003.2109315370.00000214FF9EA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107454781.00000214FF9E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107397737.00000214FF9E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114304497.00000214FFA2B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FF9CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105994467.00000214FF9CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es
Source: file.exe, 00000001.00000003.2130839175.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146114251.00000214FFAB7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106351524.00000214FFAA6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105385058.00000214FFAA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121594121.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFAA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2111364823.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2126122145.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es0
Source: file.exe, 00000000.00000003.1687714832.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698037961.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698625559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1691977367.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688573407.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690618091.000001F724DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688385647.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688492455.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688285782.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1691733387.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1689025559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688704118.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688025894.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688855381.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688158142.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1692299393.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1692991549.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687862228.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687289332.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687411258.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1694758534.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: file.exe, 00000000.00000003.1690618091.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687714832.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698037961.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698625559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1691977367.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688573407.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690618091.000001F724DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688385647.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688492455.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688285782.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1691733387.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1689025559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688704118.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688025894.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688855381.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688158142.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1692299393.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1692991549.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687862228.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687289332.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687411258.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: file.exe, 00000000.00000003.1690618091.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687714832.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698037961.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698625559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1691977367.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688573407.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690618091.000001F724DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688385647.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688492455.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688285782.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1691733387.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1689025559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688704118.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688025894.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688855381.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688158142.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1692299393.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1692991549.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687862228.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687289332.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687411258.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: file.exe, 00000000.00000003.1690618091.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687714832.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698037961.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698625559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1691977367.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688573407.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688385647.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688492455.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688285782.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1691733387.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1689025559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688704118.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688025894.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688855381.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688158142.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1692299393.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1692991549.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687862228.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687289332.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687411258.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1694758534.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: file.exe, 00000001.00000002.2147630243.00000214FFD80000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000002.2147814194.00000214FFE80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
Source: file.exe, 00000001.00000003.2110863930.00000214FF9A2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109315370.00000214FF9EA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2108877369.00000214FFA95000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2122785368.00000214FFA96000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114732194.00000214FFA0B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107454781.00000214FF9E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107397737.00000214FF9E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FF9CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105994467.00000214FF9CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2126122145.00000214FFA9A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105385058.00000214FFA91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/
Source: file.exe, 00000001.00000003.2109315370.00000214FF9EA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114732194.00000214FFA0B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107454781.00000214FF9E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107397737.00000214FF9E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FF9CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105994467.00000214FF9CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/0
Source: file.exe, 00000001.00000003.2123530256.00000214FF637000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2102717771.00000214FF598000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118660997.0000021481A80000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2122134839.0000021481AAB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105574677.00000214FF5CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121671472.0000021481A9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2140592282.0000021481BD1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2139836782.0000021481AAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120640970.0000021481A9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120458140.0000021481A98000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107513071.00000214FF614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109613829.00000214FF630000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107003138.00000214FF60E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-76
Source: file.exe, 00000001.00000003.2119974551.00000214FFA51000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109315370.00000214FF9EA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107454781.00000214FF9E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121180025.00000214FFA54000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107397737.00000214FF9E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114304497.00000214FFA2B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FF9CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105994467.00000214FF9CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114974733.00000214FFA44000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc4880
Source: file.exe, 00000001.00000003.2108127631.0000021481B51000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2140226897.0000021481B51000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2141476897.00000214824F8000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000003.2122464311.0000021481B51000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2123285656.0000021481B51000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2141476897.0000021482498000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000003.2102396310.0000021481B51000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc5234
Source: file.exe, 00000001.00000003.2123857047.0000021481A51000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc5869
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: file.exe, 00000001.00000003.2108127631.0000021481B51000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2140226897.0000021481B51000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2141476897.00000214824F8000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000003.2122464311.0000021481B51000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2123285656.0000021481B51000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2141476897.0000021482498000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000003.2102396310.0000021481B51000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc6455#section-5.2
Source: file.exe, 00000001.00000003.2118660997.0000021481A80000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2139780645.0000021481AA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121671472.0000021481A9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120640970.0000021481A9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120458140.0000021481A98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm
Source: file.exe, 00000001.00000003.2130839175.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146114251.00000214FFAB7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109315370.00000214FF9EA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106351524.00000214FFAA6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105385058.00000214FFAA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121594121.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFAA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2111364823.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107454781.00000214FF9E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2126122145.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107397737.00000214FF9E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114304497.00000214FFA2B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FF9CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105994467.00000214FF9CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: file.exe, 00000001.00000003.2130648026.00000214FFD22000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2101914863.00000214FFD22000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2136299831.00000214FFD25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: file.exe, 00000001.00000003.2130839175.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146114251.00000214FFAB7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106351524.00000214FFAA6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105385058.00000214FFAA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121594121.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFAA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2111364823.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2126122145.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: file.exe, 00000001.00000003.2109315370.00000214FF9EA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107454781.00000214FF9E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107397737.00000214FF9E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114304497.00000214FFA2B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FF9CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105994467.00000214FF9CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: file.exe, 00000001.00000003.2130839175.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146114251.00000214FFAB7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106351524.00000214FFAA6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105385058.00000214FFAA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121594121.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFAA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2111364823.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2126122145.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: file.exe, 00000001.00000003.2130839175.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146114251.00000214FFAB7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109315370.00000214FF9EA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106351524.00000214FFAA6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105385058.00000214FFAA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121594121.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFAA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2111364823.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107454781.00000214FF9E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2126122145.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107397737.00000214FF9E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114304497.00000214FFA2B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FF9CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105994467.00000214FF9CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es00
Source: file.exe, 00000000.00000003.1694956909.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/
Source: file.exe, 00000000.00000003.1695286751.000001F724DD3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1694956909.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1694956909.000001F724DD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2127856324.0000021481B05000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118660997.0000021481A80000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2139780645.0000021481AA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121671472.0000021481A9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2112994189.00000214FFBDF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104502886.00000214FFBDD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2119048801.00000214FFBE0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118660997.0000021481AF9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120640970.0000021481A9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120458140.0000021481A98000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120314718.0000021481B03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110277873.00000214FFBDE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106175292.00000214FFBDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: file.exe, 00000001.00000002.2147630243.00000214FFD80000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000003.1713395830.00000214FF60D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: file.exe, 00000001.00000003.2119974551.00000214FFA51000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109315370.00000214FF9EA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114067886.00000214FFD3F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2101914863.00000214FFD22000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107454781.00000214FF9E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107397737.00000214FF9E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114304497.00000214FFA2B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FF9CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105994467.00000214FF9CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114974733.00000214FFA44000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: file.exe, 00000001.00000003.2114067886.00000214FFD3F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2101914863.00000214FFD22000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/5
Source: file.exe, 00000001.00000003.2119974551.00000214FFA51000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109315370.00000214FF9EA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107454781.00000214FF9E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107397737.00000214FF9E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114304497.00000214FFA2B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FF9CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105994467.00000214FF9CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114974733.00000214FFA44000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/r
Source: file.exe, 00000001.00000003.2118660997.0000021481A80000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121671472.0000021481A9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120640970.0000021481A9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120458140.0000021481A98000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121671472.0000021481A99000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
Source: file.exe, 00000000.00000003.1687714832.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698037961.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1698625559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1691977367.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688573407.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1690618091.000001F724DCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688385647.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688492455.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688285782.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1691733387.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1689025559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688704118.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688025894.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688855381.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688158142.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1692299393.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1692991549.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687862228.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687289332.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687411258.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1694758534.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, 00000001.00000002.2144027896.00000214FF282000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107151340.00000214FF280000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2111278402.00000214FF281000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118182346.00000214FFB9D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121542767.00000214FFB9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107285500.00000214FFB8B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2126784648.00000214FF282000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104762804.00000214FFB8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: file.exe, 00000001.00000003.2103643359.00000214FF9CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105994467.00000214FF9CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: file.exe, 00000001.00000003.2130648026.00000214FFD22000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2101914863.00000214FFD22000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2136299831.00000214FFD25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps
Source: file.exe, 00000001.00000002.2147515130.00000214FFD3E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2101914863.00000214FFD22000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2116254336.00000214FFD3C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: file.exe, 00000001.00000003.2118660997.0000021481A80000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2139780645.0000021481AA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121671472.0000021481A9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120640970.0000021481A9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120458140.0000021481A98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.rfc-editor.org/info/rfc7253
Source: file.exe, 00000001.00000003.2118660997.0000021481A80000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121671472.0000021481A9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120640970.0000021481A9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120458140.0000021481A98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
Source: file.exe, 00000001.00000003.1722215740.00000214FFC97000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104230165.00000214FFC8D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2117528067.00000214FFC92000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107937864.00000214FFC8E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2135904756.00000214FFCA3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103312630.00000214FFC7A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118761418.00000214FFC92000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2122249938.00000214FFC94000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2147341704.00000214FFCA4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2111847758.00000214FFC91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wwwsearch.sf.net/):
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000003.1717864531.00000214FFC84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com
Source: file.exe, 00000001.00000002.2141864247.0000021482560000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/
Source: file.exe, 00000001.00000002.2141864247.0000021482560000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/0
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot
Source: file.exe, 00000001.00000002.2141476897.0000021482538000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot8095725853/sendDocument
Source: file.exe, 00000001.00000002.2141249438.0000021482314000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot8095725853/sendDocument?chat_id=7027613045%3AAAGX3rPO-1UHB195if6JIXakjYP
Source: file.exe, 00000001.00000002.2141249438.0000021482314000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot8095725853/senddocument?chat_id=7027613045%3aaagx3rpo-1uhb195if6jixakjyp
Source: file.exe, 00000001.00000003.1717288320.00000214FFC64000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1717864531.00000214FFC84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/botz
Source: file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blog.jaraco.com/skeleton
Source: file.exe, 00000001.00000002.2138569145.0000021481610000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.python.org/issue44497.
Source: file.exe, 00000001.00000003.2137051242.00000214FF761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2134871251.00000214FF761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2102717771.00000214FF598000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107105975.00000214FF741000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1715202312.00000214FF751000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1713395830.00000214FF751000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1714909364.00000214FF750000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2108261439.00000214FF742000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1711533233.00000214FF761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110787152.00000214FF756000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2117848011.00000214FF75C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107053201.00000214FF72E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2111485567.00000214FF75A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1714479771.00000214FF74A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1710765564.00000214FF761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104292483.00000214FF72D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1717951813.00000214FF74A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1712356307.00000214FF761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109211449.00000214FF74F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1715930556.00000214FF74A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
Source: file.exe, 00000001.00000002.2143166246.00000214FEFE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
Source: file.exe, 00000001.00000002.2143166246.00000214FEFE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
Source: file.exe, 00000001.00000002.2143166246.00000214FF064000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
Source: file.exe, 00000001.00000002.2143166246.00000214FEFE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
Source: file.exe, 00000001.00000002.2143166246.00000214FF064000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
Source: file.exe, 00000001.00000002.2143166246.00000214FEFE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
Source: file.exe, 00000001.00000002.2143166246.00000214FEFE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
Source: file.exe, 00000001.00000002.2143166246.00000214FEFE0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
Source: file.exe, 00000001.00000002.2143783583.00000214FF25A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120800361.00000214FF259000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
Source: file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.metadata.html
Source: file.exe, 00000001.00000003.1717288320.00000214FFC64000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1718518630.00000214FFAB7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106351524.00000214FFAA6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105385058.00000214FFAA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFAA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2132122047.00000214FFAD0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1720121317.00000214FFAB7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2127810264.00000214FFAC1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2116526106.00000214FFAC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/multiprocessing.html
Source: file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/reference/import.html#finders-and-loaders
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: file.exe, 00000001.00000002.2147814194.00000214FFE80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
Source: file.exe, 00000001.00000003.1721954365.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104230165.00000214FFC8D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107937864.00000214FFC8E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103312630.00000214FFC7A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2111847758.00000214FFC91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: file.exe, 00000001.00000002.2142886417.00000214FEAD4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106756868.00000214FEA98000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118042942.00000214FEACB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109007109.00000214FEAC6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2128059773.00000214FF24C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2143783583.00000214FF24C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2128304849.00000214FEACF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2126900082.00000214FF249000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/astral-sh/ruff
Source: file.exe, file.exe, 00000001.00000002.2153038343.00007FFE0C0C2000.00000002.00000001.01000000.0000002C.sdmp, file.exe, 00000001.00000002.2153238930.00007FFE0CFAF000.00000002.00000001.01000000.0000002B.sdmp	String found in binary or memory: https://github.com/mhammond/pywin32
Source: file.exe, 00000001.00000002.2138437431.0000021481510000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/platformdirs/platformdirs
Source: file.exe, 00000000.00000003.1697117929.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md
Source: file.exe, 00000001.00000002.2147814194.00000214FFE80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/packaging
Source: file.exe, 00000001.00000002.2138569145.0000021481610000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/setuptools/issues/1024.
Source: file.exe, 00000001.00000002.2138569145.0000021481610000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/setuptools/issues/417#issuecomment-392298401
Source: file.exe, 00000001.00000002.2138437431.0000021481510000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/setuptools/issues/new?template=distutils-deprecation.yml
Source: file.exe, 00000001.00000002.2138437431.0000021481510000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/setuptools/issues/new?template=distutils-deprecation.yml0
Source: file.exe, 00000000.00000003.1697117929.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/wheel
Source: file.exe, 00000000.00000003.1697117929.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/wheel/issues
Source: file.exe, 00000001.00000002.2143166246.00000214FF064000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: file.exe, 00000001.00000003.2126900082.00000214FF249000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: file.exe, 00000001.00000002.2142886417.00000214FEAD4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106756868.00000214FEA98000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118042942.00000214FEACB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109007109.00000214FEAC6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2128059773.00000214FF24C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2143783583.00000214FF24C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2128304849.00000214FEACF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2126900082.00000214FF249000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: file.exe, 00000001.00000003.1715930556.00000214FF648000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104354364.00000214FF67F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105284932.00000214FF709000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2102717771.00000214FF598000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105155606.00000214FF68F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107596886.00000214FF70D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1715063817.00000214FF6FF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1714479771.00000214FF6FF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118404849.00000214FF70F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1712550325.00000214FF5E4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104432399.00000214FF683000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1713395830.00000214FF6FF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1712550325.00000214FF589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1719024425.00000214FF637000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/issues/86361.
Source: file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/importlib_metadata
Source: file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/importlib_metadata/actions/workflows/main.yml/badge.svg
Source: file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/importlib_metadata/actions?query=workflow%3A%22tests%22
Source: file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/importlib_metadata/issues
Source: file.exe, 00000001.00000002.2147630243.00000214FFD80000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000003.1714479771.00000214FF598000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/importlib_metadata/wiki/Development-Methodology
Source: file.exe, 00000001.00000002.2142886417.00000214FEAD4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106756868.00000214FEA98000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118042942.00000214FEACB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109007109.00000214FEAC6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2128059773.00000214FF24C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2143783583.00000214FF24C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2128304849.00000214FEACF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2126900082.00000214FF249000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: file.exe, 00000001.00000003.2110863930.00000214FF9A2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2145807414.00000214FF9C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2122323104.00000214FF9BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/29200
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/3290
Source: file.exe, 00000001.00000003.1721954365.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110863930.00000214FF9A2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146954612.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2117773640.00000214FF9A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1721247684.00000214FFB8A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104762804.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2113497364.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2116867283.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118182346.00000214FFB9D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2125420814.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121542767.00000214FFB9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107285500.00000214FFB8B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104762804.00000214FFB8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: file.exe, 00000001.00000003.1721954365.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110863930.00000214FF9A2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146954612.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2117773640.00000214FF9A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104762804.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2113497364.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2116867283.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2125420814.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/mail
Source: file.exe, 00000001.00000003.2116526106.00000214FFAC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/mail/
Source: file.exe, 00000001.00000003.2110863930.00000214FF9A2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2119466215.00000214FF9C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: file.exe, 00000001.00000003.2104762804.00000214FFB8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/
Source: file.exe, 00000001.00000003.2130839175.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2123530256.00000214FF637000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2102717771.00000214FF598000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFB3F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2137480353.00000214FFB6A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146114251.00000214FFAB7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105574677.00000214FF5CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106351524.00000214FFAA6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146673781.00000214FFB72000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105385058.00000214FFAA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2137845154.00000214FFB71000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118227425.00000214FFB61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110578380.00000214FFB4A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121594121.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFAA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121798487.00000214FFBB4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2111364823.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107513071.00000214FF614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109613829.00000214FF630000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2126122145.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/get
Source: file.exe, 00000001.00000003.2136050933.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2117277157.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106351524.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1720121317.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146285438.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2116526106.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105385058.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/post
Source: file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/badge/skeleton-2024-informational
Source: file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/charliermarsh/ruff/main/assets
Source: file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/pypi/pyversions/importlib_metadata.svg
Source: file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img.shields.io/pypi/v/importlib_metadata.svg
Source: file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://importlib-metadata.readthedocs.io/
Source: file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://importlib-metadata.readthedocs.io/en/latest/?badge=latest
Source: file.exe, 00000001.00000003.2102717771.00000214FF598000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110863930.00000214FF9A2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1718518630.00000214FFAB7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105574677.00000214FF5CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2124377657.00000214FF5A8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110504738.00000214FF72E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2117773640.00000214FF9A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1721247684.00000214FFB8A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110277873.00000214FFBDB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1717288320.00000214FFBD7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107053201.00000214FF72E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107513071.00000214FF614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2136925482.00000214FF5AC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109613829.00000214FF630000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107003138.00000214FF60E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1720121317.00000214FFAB7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2108710356.00000214FF72E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104292483.00000214FF72D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118404849.00000214FF72E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107285500.00000214FFB8B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107238728.00000214FF5A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://json.org
Source: file.exe, 00000001.00000003.1715930556.00000214FF648000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104354364.00000214FF67F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2102717771.00000214FF598000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107596886.00000214FF680000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1719024425.00000214FF637000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mahler:8092/site-updates.py
Source: file.exe, 00000001.00000003.2118660997.0000021481A80000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120640970.0000021481A9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120458140.0000021481A98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
Source: file.exe, 00000001.00000002.2138700348.0000021481710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/guides/packaging-namespace-packages/.
Source: file.exe, 00000001.00000002.2138700348.0000021481710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/core-metadata/
Source: file.exe, 00000001.00000002.2138569145.0000021481610000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/core-metadata/#core-metadata
Source: file.exe, 00000001.00000002.2138569145.0000021481610000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/
Source: file.exe, 00000001.00000003.2110031802.00000214FFB16000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105909756.00000214FFB13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1720121317.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146402786.00000214FFB1A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1718518630.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2126663400.00000214FFB16000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105385058.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/#file-format
Source: file.exe, 00000001.00000002.2146441900.00000214FFB3F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFB3F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1718518630.00000214FFB3F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2113962803.00000214FFB3F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1721247684.00000214FFB3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/pyproject-toml/#declaring-project-metadata-the
Source: file.exe, 00000001.00000003.2110031802.00000214FFB16000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105909756.00000214FFB13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1720121317.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146402786.00000214FFB1A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1718518630.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2126663400.00000214FFB16000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105385058.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/recording-installed-packages/#the-record-file
Source: file.exe, 00000001.00000002.2138569145.0000021481610000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: file.exe, 00000001.00000003.1704045249.00000214FF241000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2145484367.00000214FF780000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://peps.python.org/pep-0205/
Source: file.exe, 00000001.00000002.2150063973.00007FFDFB668000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: https://peps.python.org/pep-0263/
Source: file.exe, 00000001.00000002.2138700348.0000021481710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://peps.python.org/pep-0685/
Source: file.exe, 00000001.00000002.2138569145.0000021481610000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000002.2138700348.0000021481710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pypi.org/project/build/).
Source: file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pypi.org/project/importlib_metadata
Source: file.exe, 00000000.00000003.1697117929.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://pypi.org/project/setuptools/
Source: file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://readthedocs.org/projects/importlib-metadata/badge/?version=latest
Source: file.exe, 00000001.00000002.2147814194.00000214FFE80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
Source: file.exe, 00000001.00000003.2136050933.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2117277157.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106351524.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1720121317.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146285438.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2116526106.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105385058.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://requests.readthedocs.io
Source: file.exe, 00000001.00000002.2138700348.0000021481710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/
Source: file.exe, 00000001.00000003.1709784973.00000214FF9C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1709736637.00000214FF731000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1709822636.00000214FF732000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1709627369.00000214FF9C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html
Source: file.exe, 00000001.00000003.1709784973.00000214FF9C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1712550325.00000214FF5A8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2102717771.00000214FF598000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1713684540.00000214FF598000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105574677.00000214FF5CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1711744635.00000214FF5A8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1709711006.00000214FF748000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1713914068.00000214FF5A7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1714479771.00000214FF598000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1709687097.00000214FF75A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110113331.00000214FF5CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1709627369.00000214FF9C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2115614251.00000214FF5CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
Source: file.exe, 00000001.00000002.2145583592.00000214FF880000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages
Source: file.exe, 00000001.00000002.2145583592.00000214FF880000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages0
Source: file.exe, 00000001.00000003.1709784973.00000214FF9C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1709627369.00000214FF981000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1709627369.00000214FF9C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr;
Source: file.exe, 00000001.00000003.1709784973.00000214FF9C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1709627369.00000214FF981000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1709627369.00000214FF9C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr;r
Source: file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tidelift.com/badges/package/pypi/importlib-metadata
Source: file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tidelift.com/subscription/pkg/pypi-importlib-metadata?utm_source=pypi-importlib-metadata&utm
Source: file.exe, 00000001.00000003.2112994189.00000214FFBDF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104502886.00000214FFBDD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2119048801.00000214FFBE0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1721247684.00000214FFB8A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110277873.00000214FFBDE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106175292.00000214FFBDE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: file.exe, 00000001.00000003.2118660997.0000021481A80000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120458140.0000021481A98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3610
Source: file.exe, 00000001.00000003.2118660997.0000021481A80000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121671472.0000021481A9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120640970.0000021481A9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120458140.0000021481A98000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121671472.0000021481A99000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc5297
Source: file.exe, 00000001.00000003.2102717771.00000214FF598000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107105975.00000214FF741000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2108261439.00000214FF742000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110787152.00000214FF756000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107053201.00000214FF72E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104292483.00000214FF72D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1717951813.00000214FF74A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109211449.00000214FF74F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1715930556.00000214FF74A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7231#section-4.3.6)
Source: file.exe, 00000001.00000003.1721247684.00000214FFB8A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118182346.00000214FFB9D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121542767.00000214FFB9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107285500.00000214FFB8B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104762804.00000214FFB8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: file.exe, 00000001.00000002.2138700348.0000021481710000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: file.exe, 00000001.00000003.1721247684.00000214FFB3F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningsN
Source: file.exe, 00000000.00000003.1697117929.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wheel.readthedocs.io/
Source: file.exe, 00000000.00000003.1697117929.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wheel.readthedocs.io/en/stable/news.html
Source: file.exe, 00000001.00000003.1715930556.00000214FF648000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2102717771.00000214FF598000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2116206020.00000214FF73A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107053201.00000214FF72E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109747468.00000214FF731000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2132429266.00000214FF73C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2108710356.00000214FF72E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104292483.00000214FF72D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1719024425.00000214FF637000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gz
Source: file.exe, 00000001.00000003.2123530256.00000214FF637000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2102717771.00000214FF598000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105574677.00000214FF5CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107513071.00000214FF614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109613829.00000214FF630000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107003138.00000214FF60E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
Source: file.exe, 00000000.00000003.1691977367.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2149668247.00007FFDFB244000.00000002.00000001.01000000.0000000F.sdmp, file.exe, 00000001.00000002.2152763726.00007FFE01470000.00000002.00000001.01000000.00000013.sdmp	String found in binary or memory: https://www.openssl.org/H
Source: file.exe, 00000001.00000003.2136050933.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2117277157.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106351524.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1720121317.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146285438.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2116526106.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105385058.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org
Source: file.exe, 00000001.00000003.1715930556.00000214FF648000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104354364.00000214FF67F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2102717771.00000214FF598000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107596886.00000214FF680000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1719024425.00000214FF637000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/
Source: file.exe, 00000000.00000003.1697117929.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/dev/peps/pep-0427/
Source: file.exe, 00000001.00000002.2150063973.00007FFDFB668000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: https://www.python.org/psf/license/)
Source: file.exe, 00000001.00000003.2112994189.00000214FFBDF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104502886.00000214FFBDD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2119048801.00000214FFBE0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1721247684.00000214FFB8A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110277873.00000214FFBDE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106175292.00000214FFBDE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107285500.00000214FFB8B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104762804.00000214FFB8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
Source: file.exe, 00000001.00000002.2147553373.00000214FFD5C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114067886.00000214FFD3F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2101914863.00000214FFD22000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118513741.00000214FFD5C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/
Source: file.exe, 00000001.00000003.2109315370.00000214FF9EA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107454781.00000214FF9E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107397737.00000214FF9E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114304497.00000214FFA2B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146001431.00000214FFA4F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FF9CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105994467.00000214FF9CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114974733.00000214FFA44000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: file.exe, 00000001.00000003.1721954365.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110863930.00000214FF9A2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146954612.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2117773640.00000214FF9A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104762804.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2113497364.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2116867283.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2125420814.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yahoo.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.53.9:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49839 version: TLS 1.2

Source: C:\Windows\System32\dxdiag.exe

Windows user hook set: 0 mouse low level C:\Windows\system32\dinput8.dll

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF25C00	0_2_00007FF6BAF25C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF26964	0_2_00007FF6BAF26964
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF089E0	0_2_00007FF6BAF089E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF01000	0_2_00007FF6BAF01000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF208C8	0_2_00007FF6BAF208C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF0A474	0_2_00007FF6BAF0A474
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF0ACAD	0_2_00007FF6BAF0ACAD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF15D30	0_2_00007FF6BAF15D30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF11B50	0_2_00007FF6BAF11B50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF12C10	0_2_00007FF6BAF12C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF23C10	0_2_00007FF6BAF23C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF26418	0_2_00007FF6BAF26418
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF208C8	0_2_00007FF6BAF208C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF1DA5C	0_2_00007FF6BAF1DA5C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF0A2DB	0_2_00007FF6BAF0A2DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF11944	0_2_00007FF6BAF11944
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF12164	0_2_00007FF6BAF12164
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF139A4	0_2_00007FF6BAF139A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF21874	0_2_00007FF6BAF21874
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF240AC	0_2_00007FF6BAF240AC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF180E4	0_2_00007FF6BAF180E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF11740	0_2_00007FF6BAF11740
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF11F60	0_2_00007FF6BAF11F60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF18794	0_2_00007FF6BAF18794
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF09800	0_2_00007FF6BAF09800
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF25E7C	0_2_00007FF6BAF25E7C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF19EA0	0_2_00007FF6BAF19EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF1DEF0	0_2_00007FF6BAF1DEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF29728	0_2_00007FF6BAF29728
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF11D54	0_2_00007FF6BAF11D54
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF1E570	0_2_00007FF6BAF1E570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF135A0	0_2_00007FF6BAF135A0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF26964	1_2_00007FF6BAF26964
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF01000	1_2_00007FF6BAF01000
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF0A474	1_2_00007FF6BAF0A474
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF0ACAD	1_2_00007FF6BAF0ACAD
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF15D30	1_2_00007FF6BAF15D30
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF11B50	1_2_00007FF6BAF11B50
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF25C00	1_2_00007FF6BAF25C00
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF12C10	1_2_00007FF6BAF12C10
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF23C10	1_2_00007FF6BAF23C10
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF26418	1_2_00007FF6BAF26418
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF208C8	1_2_00007FF6BAF208C8
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF1DA5C	1_2_00007FF6BAF1DA5C
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF0A2DB	1_2_00007FF6BAF0A2DB
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF11944	1_2_00007FF6BAF11944
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF12164	1_2_00007FF6BAF12164
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF139A4	1_2_00007FF6BAF139A4
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF089E0	1_2_00007FF6BAF089E0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF21874	1_2_00007FF6BAF21874
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF240AC	1_2_00007FF6BAF240AC
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF208C8	1_2_00007FF6BAF208C8
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF180E4	1_2_00007FF6BAF180E4
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF11740	1_2_00007FF6BAF11740
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF11F60	1_2_00007FF6BAF11F60
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF18794	1_2_00007FF6BAF18794
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF09800	1_2_00007FF6BAF09800
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF25E7C	1_2_00007FF6BAF25E7C
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF19EA0	1_2_00007FF6BAF19EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF1DEF0	1_2_00007FF6BAF1DEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF29728	1_2_00007FF6BAF29728
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF11D54	1_2_00007FF6BAF11D54
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF1E570	1_2_00007FF6BAF1E570
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF135A0	1_2_00007FF6BAF135A0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF214C70	1_2_00007FFDFF214C70
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1A92B0	1_2_00007FFDFF1A92B0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1B2250	1_2_00007FFDFF1B2250
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF244FC0	1_2_00007FFDFF244FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF21BFC0	1_2_00007FFDFF21BFC0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1B7040	1_2_00007FFDFF1B7040
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1B8020	1_2_00007FFDFF1B8020
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1D4E70	1_2_00007FFDFF1D4E70
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF22CEA0	1_2_00007FFDFF22CEA0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF20CF30	1_2_00007FFDFF20CF30
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1A0DC0	1_2_00007FFDFF1A0DC0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1BDDB0	1_2_00007FFDFF1BDDB0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF228C80	1_2_00007FFDFF228C80
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1EBCC0	1_2_00007FFDFF1EBCC0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF21ACA0	1_2_00007FFDFF21ACA0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1A9D00	1_2_00007FFDFF1A9D00
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1E0CE0	1_2_00007FFDFF1E0CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF19BD30	1_2_00007FFDFF19BD30
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF199B90	1_2_00007FFDFF199B90
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF193C10	1_2_00007FFDFF193C10
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF242BF0	1_2_00007FFDFF242BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1ACC40	1_2_00007FFDFF1ACC40
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1ECC40	1_2_00007FFDFF1ECC40
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1CCC59	1_2_00007FFDFF1CCC59
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1FBB00	1_2_00007FFDFF1FBB00
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1E6B40	1_2_00007FFDFF1E6B40
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1F4B20	1_2_00007FFDFF1F4B20
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1B99A0	1_2_00007FFDFF1B99A0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF19FA10	1_2_00007FFDFF19FA10
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1D5880	1_2_00007FFDFF1D5880
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF19288E	1_2_00007FFDFF19288E
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF19A8C0	1_2_00007FFDFF19A8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1F2950	1_2_00007FFDFF1F2950
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1A6930	1_2_00007FFDFF1A6930
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF2027E6	1_2_00007FFDFF2027E6
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1FC840	1_2_00007FFDFF1FC840
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF194820	1_2_00007FFDFF194820
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1EE670	1_2_00007FFDFF1EE670
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1F06C0	1_2_00007FFDFF1F06C0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF207750	1_2_00007FFDFF207750
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF194570	1_2_00007FFDFF194570
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1BE5C0	1_2_00007FFDFF1BE5C0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1C15A0	1_2_00007FFDFF1C15A0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1B45A0	1_2_00007FFDFF1B45A0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1EB5B0	1_2_00007FFDFF1EB5B0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1A3650	1_2_00007FFDFF1A3650
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1994D0	1_2_00007FFDFF1994D0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF2354A0	1_2_00007FFDFF2354A0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1DA510	1_2_00007FFDFF1DA510
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1AC380	1_2_00007FFDFF1AC380
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF2043B0	1_2_00007FFDFF2043B0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1DF2D0	1_2_00007FFDFF1DF2D0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF2542B0	1_2_00007FFDFF2542B0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1AD2B0	1_2_00007FFDFF1AD2B0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF21A300	1_2_00007FFDFF21A300
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1BD310	1_2_00007FFDFF1BD310
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1932F5	1_2_00007FFDFF1932F5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1BF2F0	1_2_00007FFDFF1BF2F0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1F7350	1_2_00007FFDFF1F7350
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF197336	1_2_00007FFDFF197336
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1A21E0	1_2_00007FFDFF1A21E0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF194120	1_2_00007FFDFF194120
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE01301950	1_2_00007FFE01301950
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE01302270	1_2_00007FFE01302270
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE01301300	1_2_00007FFE01301300
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1D93	1_2_00007FFE013B1D93
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B16FE	1_2_00007FFE013B16FE
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B116D	1_2_00007FFE013B116D
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B8720	1_2_00007FFE013B8720
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1EE2	1_2_00007FFE013B1EE2
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1618	1_2_00007FFE013B1618
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE01428870	1_2_00007FFE01428870
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013E8920	1_2_00007FFE013E8920
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B2617	1_2_00007FFE013B2617
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1A0F	1_2_00007FFE013B1A0F
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1CBC	1_2_00007FFE013B1CBC
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B1B54	1_2_00007FFE013B1B54
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE0142AC80	1_2_00007FFE0142AC80
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B149C	1_2_00007FFE013B149C
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B117C	1_2_00007FFE013B117C
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013B2702	1_2_00007FFE013B2702

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FFDFF19A500 appears 163 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FFDFF199340 appears 135 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FFE0142D341 appears 646 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FF6BAF02710 appears 104 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FFE0142D32F appears 177 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FF6BAF02910 appears 34 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FFDFF1C1E20 appears 33 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FFE013B1325 appears 243 times

Source: _overlapped.pyd.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS

Source: file.exe, 00000000.00000003.1687714832.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_ctypes.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1694627674.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepywintypes313.dll0 vs file.exe
Source: file.exe, 00000000.00000003.1698037961.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesqlite3.dll0 vs file.exe
Source: file.exe, 00000000.00000003.1698625559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameunicodedata.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1691977367.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibsslH vs file.exe
Source: file.exe, 00000000.00000003.1688573407.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_socket.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1688385647.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_overlapped.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1688492455.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_queue.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1688285782.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_multiprocessing.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1689025559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_wmi.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1688704118.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_sqlite3.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1698959905.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamewin32crypt.pyd0 vs file.exe
Source: file.exe, 00000000.00000003.1688025894.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_hashlib.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1688855381.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_ssl.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1688158142.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_lzma.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1692299393.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepyexpat.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1687009658.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs file.exe
Source: file.exe, 00000000.00000003.1687157131.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs file.exe
Source: file.exe, 00000000.00000003.1687862228.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_decimal.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1687289332.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_asyncio.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1687411258.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_bz2.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1694758534.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameselect.pyd. vs file.exe
Source: file.exe	Binary or memory string: OriginalFilename vs file.exe
Source: file.exe, 00000001.00000002.2149668247.00007FFDFB244000.00000002.00000001.01000000.0000000F.sdmp	Binary or memory string: OriginalFilenamelibcryptoH vs file.exe
Source: file.exe, 00000001.00000002.2159763607.00007FFE130C8000.00000002.00000001.01000000.0000000A.sdmp	Binary or memory string: OriginalFilename_wmi.pyd. vs file.exe
Source: file.exe, 00000001.00000002.2151957042.00007FFDFF2F8000.00000002.00000001.01000000.00000015.sdmp	Binary or memory string: OriginalFilenamesqlite3.dll0 vs file.exe
Source: file.exe, 00000001.00000002.2157787609.00007FFE11523000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: OriginalFilename_socket.pyd. vs file.exe
Source: file.exe, 00000001.00000002.2159358922.00007FFE126F3000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: OriginalFilename_lzma.pyd. vs file.exe
Source: file.exe, 00000001.00000002.2159962826.00007FFE13212000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilename_bz2.pyd. vs file.exe
Source: file.exe, 00000001.00000002.2156825000.00007FFE1031C000.00000002.00000001.01000000.00000014.sdmp	Binary or memory string: OriginalFilename_sqlite3.pyd. vs file.exe
Source: file.exe, 00000001.00000002.2153038343.00007FFE0C0C2000.00000002.00000001.01000000.0000002C.sdmp	Binary or memory string: OriginalFilenamepywintypes313.dll0 vs file.exe
Source: file.exe, 00000001.00000002.2158377318.00007FFE11EA6000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: OriginalFilenameselect.pyd. vs file.exe
Source: file.exe, 00000001.00000002.2159566763.00007FFE12E19000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs file.exe
Source: file.exe, 00000001.00000002.2159115880.00007FFE126C6000.00000002.00000001.01000000.0000000D.sdmp	Binary or memory string: OriginalFilename_queue.pyd. vs file.exe
Source: file.exe, 00000001.00000002.2158887204.00007FFE120CD000.00000002.00000001.01000000.0000000E.sdmp	Binary or memory string: OriginalFilename_hashlib.pyd. vs file.exe
Source: file.exe, 00000001.00000002.2160395061.00007FFE1331A000.00000002.00000001.01000000.00000005.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs file.exe
Source: file.exe, 00000001.00000002.2158652301.00007FFE11EDE000.00000002.00000001.01000000.0000000C.sdmp	Binary or memory string: OriginalFilenamepyexpat.pyd. vs file.exe
Source: file.exe, 00000001.00000002.2151631313.00007FFDFB8A0000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: OriginalFilenamepython313.dll. vs file.exe
Source: file.exe, 00000001.00000002.2152763726.00007FFE01470000.00000002.00000001.01000000.00000013.sdmp	Binary or memory string: OriginalFilenamelibsslH vs file.exe
Source: file.exe, 00000001.00000002.2156625851.00007FFE1026A000.00000002.00000001.01000000.00000012.sdmp	Binary or memory string: OriginalFilename_ssl.pyd. vs file.exe
Source: file.exe, 00000001.00000002.2152364570.00007FFE013AC000.00000002.00000001.01000000.00000018.sdmp	Binary or memory string: OriginalFilenameunicodedata.pyd. vs file.exe
Source: file.exe, 00000001.00000002.2153238930.00007FFE0CFAF000.00000002.00000001.01000000.0000002B.sdmp	Binary or memory string: OriginalFilenamewin32crypt.pyd0 vs file.exe

Source: unknown

Driver loaded: C:\Windows\System32\drivers\mstee.sys

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@72/400@24/15

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Bunny

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7952:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:928:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1720:120:WilError_03

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\_MEI29922

Jump to behavior

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\dxdiag.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\dxdiag.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Source: C:\Windows\System32\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")

Source: C:\Windows\System32\dxdiag.exe

File read: C:\Windows\win.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe, 00000001.00000002.2151849876.00007FFDFF2C4000.00000002.00000001.01000000.00000015.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SELECT item1, item2 FROM metadata;
Source: file.exe, 00000001.00000002.2151849876.00007FFDFF2C4000.00000002.00000001.01000000.00000015.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000001.00000002.2151849876.00007FFDFF2C4000.00000002.00000001.01000000.00000015.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000001.00000002.2151849876.00007FFDFF2C4000.00000002.00000001.01000000.00000015.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: file.exe, file.exe, 00000001.00000002.2151849876.00007FFDFF2C4000.00000002.00000001.01000000.00000015.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000001.00000002.2151849876.00007FFDFF2C4000.00000002.00000001.01000000.00000015.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SELECT a11, a102 FROM nssPrivate WHERE a102 = ?;
Source: file.exe, 00000001.00000002.2151849876.00007FFDFF2C4000.00000002.00000001.01000000.00000015.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);

Source: file.exe

ReversingLabs: Detection: 13%

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "dxdiag /t C:\Users\user\AppData\Local\Bunny\Info.txt"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\dxdiag.exe dxdiag /t C:\Users\user\AppData\Local\Bunny\Info.txt
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exe
Source: C:\Windows\System32\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=1980 --field-trial-handle=1928,i,10138963520009945514,5208888711942787013,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe
Source: C:\Windows\System32\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2024 --field-trial-handle=1932,i,6186283230393300826,18104412640596963689,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2056 --field-trial-handle=1976,i,1455327040868021554,2898897310355900998,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --no-sandbox --mojo-platform-channel-handle=5308 --field-trial-handle=1976,i,1455327040868021554,2898897310355900998,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --no-sandbox --onnx-enabled-for-ee --mojo-platform-channel-handle=5412 --field-trial-handle=1976,i,1455327040868021554,2898897310355900998,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=5760 --field-trial-handle=1976,i,1455327040868021554,2898897310355900998,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=5760 --field-trial-handle=1976,i,1455327040868021554,2898897310355900998,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --no-sandbox --message-loop-type-ui --mojo-platform-channel-handle=2540 --field-trial-handle=1976,i,1455327040868021554,2898897310355900998,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "dxdiag /t C:\Users\user\AppData\Local\Bunny\Info.txt"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\dxdiag.exe dxdiag /t C:\Users\user\AppData\Local\Bunny\Info.txt	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=1980 --field-trial-handle=1928,i,10138963520009945514,5208888711942787013,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --no-sandbox --message-loop-type-ui --mojo-platform-channel-handle=2540 --field-trial-handle=1976,i,1455327040868021554,2898897310355900998,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2024 --field-trial-handle=1932,i,6186283230393300826,18104412640596963689,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2056 --field-trial-handle=1976,i,1455327040868021554,2898897310355900998,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --no-sandbox --mojo-platform-channel-handle=5308 --field-trial-handle=1976,i,1455327040868021554,2898897310355900998,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --no-sandbox --onnx-enabled-for-ee --mojo-platform-channel-handle=5412 --field-trial-handle=1976,i,1455327040868021554,2898897310355900998,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=5760 --field-trial-handle=1976,i,1455327040868021554,2898897310355900998,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=5760 --field-trial-handle=1976,i,1455327040868021554,2898897310355900998,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --no-sandbox --message-loop-type-ui --mojo-platform-channel-handle=2540 --field-trial-handle=1976,i,1455327040868021554,2898897310355900998,262144 /prefetch:8

Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: python3.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: libffi-8.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: libcrypto-3.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: libssl-3.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sqlite3.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: pywintypes313.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: dxdiagn.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d12.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: wmiclnt.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: winbrand.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: dsound.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: devrtl.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: spinf.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: drvstore.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: spfileq.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: wifidisplay.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: wlanapi.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: mfplat.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: rtworkq.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: mf.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: mfcore.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: ksuser.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: mfsensorgroup.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: comppkgsup.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: windows.media.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: windows.applicationmodel.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: dispbroker.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d12core.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: dxilconv.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3dscache.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: mscat32.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: ddraw.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: avrt.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: audioses.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: midimap.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: dinput8.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: hid.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: devenum.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: msdmo.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: quartz.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll

Source: C:\Windows\System32\dxdiag.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: file.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: file.exe

Static file information: File size 13960143 > 1048576

Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: file.exe, 00000000.00000003.1698625559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2152107652.00007FFE013A7000.00000002.00000001.01000000.00000018.sdmp
Source:	Binary string: D:\a\1\b\libcrypto-3.pdb\| source: file.exe, 00000001.00000002.2149200604.00007FFDFB19A000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\a\1\b\libssl-3.pdbDD source: file.exe, 00000001.00000002.2152671744.00007FFE01435000.00000002.00000001.01000000.00000013.sdmp
Source:	Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pywintypes.pdb** source: file.exe, 00000001.00000002.2152957100.00007FFE0C0B1000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_wmi.pdb(('GCTL source: file.exe, 00000000.00000003.1689025559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2159684612.00007FFE130C4000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"OpenSSL 3.0.15 3 Sep 20243.0.15built on: Wed Sep 4 15:52:04 2024 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availableget_and_lock..\s\crypto\ex_data.cossl_crypto_get_ex_new_index_exossl_crypto_new_ex_data_exCRYPTO_dup_ex_dataCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8..\s\crypto\getenv.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificC:\Program Files\Common Files\SSLC:\Program Files\OpenSSL\lib\ossl-modules.dllCPUINFO: ..\s\crypto\init.cOPENSSL_init_cryptoOPENSSL_atexit..\s\crypto\initthread.c..\s\crypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL \|\| WITHIN_ARENA(temp->next)assertion failed: (char *)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) \|\| WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/0123456789ABCDEFCRYPTO_memdup..\s\crypto\o_str.chexstr2buf_sepossl_hexstr2buf_sepbuf2hexstr_sepossl_buf2hexstr_sep..\s\crypto\packet.cwpacket_intern_init_lenWPACKET_start_sub_packet_len__..\s\crypto\param_build.cparam_pushparam_push_numOSSL_PARAM_BLD_push_BN_padNegative big numbers are unsupported for OSSL_PARAMOSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_p
Source:	Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: file.exe, 00000000.00000003.1688385647.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: file.exe, 00000000.00000003.1687009658.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2160311288.00007FFE13314000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: file.exe, 00000001.00000002.2149200604.00007FFDFB102000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: file.exe, 00000000.00000003.1687009658.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2160311288.00007FFE13314000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: file.exe, 00000001.00000002.2151849876.00007FFDFF2C4000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: D:\a\1\b\libcrypto-3.pdb source: file.exe, 00000001.00000002.2149200604.00007FFDFB19A000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: file.exe, 00000000.00000003.1688285782.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32crypt.pdb!! source: file.exe, 00000001.00000002.2153158919.00007FFE0CFA2000.00000002.00000001.01000000.0000002B.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: file.exe, 00000000.00000003.1687157131.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2159486915.00007FFE12E15000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\select.pdb source: file.exe, 00000000.00000003.1694758534.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2158289464.00007FFE11EA3000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pywintypes.pdb source: file.exe, 00000001.00000002.2152957100.00007FFE0C0B1000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: file.exe, 00000000.00000003.1688025894.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2158792768.00007FFE120C6000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: file.exe, 00000000.00000003.1688158142.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2159238918.00007FFE126EB000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: file.exe, 00000000.00000003.1687289332.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: file.exe, 00000001.00000002.2158536684.00007FFE11ED2000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: file.exe, 00000000.00000003.1688492455.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2159032410.00007FFE126C3000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32crypt.pdb source: file.exe, 00000001.00000002.2153158919.00007FFE0CFA2000.00000002.00000001.01000000.0000002B.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: file.exe, 00000000.00000003.1688158142.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2159238918.00007FFE126EB000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: file.exe, 00000000.00000003.1687411258.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2159881473.00007FFE1320D000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: file.exe, 00000000.00000003.1689025559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2159684612.00007FFE130C4000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: file.exe, 00000000.00000003.1688573407.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2157666533.00007FFE11519000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: file.exe, 00000001.00000002.2156747532.00007FFE1030F000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\python313.pdb source: file.exe, 00000001.00000002.2150063973.00007FFDFB668000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: file.exe, 00000000.00000003.1687157131.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2159486915.00007FFE12E15000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: D:\a\1\b\libssl-3.pdb source: file.exe, 00000001.00000002.2152671744.00007FFE01435000.00000002.00000001.01000000.00000013.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: file.exe, 00000001.00000002.2156461817.00007FFE1024E000.00000002.00000001.01000000.00000012.sdmp

Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: VCRUNTIME140.dll.0.dr

Static PE information: 0x78BDDED1 [Sat Mar 11 17:01:05 2034 UTC]

Source: VCRUNTIME140.dll.0.dr	Static PE information: section name: fothk
Source: VCRUNTIME140.dll.0.dr	Static PE information: section name: _RDATA
Source: libcrypto-3.dll.0.dr	Static PE information: section name: .00cfg
Source: libssl-3.dll.0.dr	Static PE information: section name: .00cfg
Source: python313.dll.0.dr	Static PE information: section name: PyRuntim

Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1D27AE push rsp; iretd	1_2_00007FFDFF1D27B9
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF1D267D push rbx; retf	1_2_00007FFDFF1D2685
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE013D4331 push rcx; ret	1_2_00007FFE013D4332

Persistence and Installation Behavior

Found pyInstaller with non standard icon

Source: C:\Users\user\Desktop\file.exe

Process created: "C:\Users\user\Desktop\file.exe"

Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_ghash_clmul.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\PublicKey\_curve25519.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\_wmi.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_MD5.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_BLAKE2s.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_SHA224.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_aes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_des3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_cfb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Util\_strxor.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_poly1305.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Math\_modexp.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\sqlite3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\pywin32_system32\pywintypes313.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\_overlapped.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_SHA1.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_SHA384.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_SHA256.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_ctr.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\_sqlite3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\python313.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\VCRUNTIME140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\PublicKey\_ed448.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\libssl-3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_MD4.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\win32\win32crypt.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\libcrypto-3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\libffi-8.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_ARC4.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_chacha20.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_cast.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\charset_normalizer\md__mypyc.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_pkcs1_decode.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_SHA512.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_cbc.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\_multiprocessing.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_aesni.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\charset_normalizer\md.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_eksblowfish.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_Salsa20.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_MD2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_blowfish.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_RIPEMD160.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_BLAKE2b.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\pyexpat.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\PublicKey\_curve448.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Protocol\_scrypt.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\PublicKey\_ed25519.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_arc2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_ghash_portable.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_keccak.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\PublicKey\_ec_ws.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Util\_cpuid_c.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_ofb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\_asyncio.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_ocb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\_cffi_backend.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_des.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_ecb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI29922\VCRUNTIME140.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txt

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF6BAF05830 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,

0_2_00007FF6BAF05830

Source: C:\Windows\System32\dxdiag.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\System32\dxdiag.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : ASSOCIATORS OF {Win32_DiskPartition.DeviceID="Disk #0, Partition #1"} WHERE ResultClass = Win32_DiskDrive
Source: C:\Windows\System32\dxdiag.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Dependent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #1\""

Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)

Source: C:\Windows\System32\dxdiag.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_LogicalDisk Where DriveType=3

Query firmware table information (likely to detect VMs)

Source: C:\Windows\System32\dxdiag.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: PROCESSHACKER.EXE
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: QEMU-GA.EXE
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: X64DBG.EXE
Source: file.exe, 00000001.00000003.1717288320.00000214FFC64000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1717864531.00000214FFC84000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: QEMU-GA.EXEZ
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: DX64DBG.EXE
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: DFIDDLER.EXE
Source: file.exe, 00000001.00000003.1717864531.00000214FFC84000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: WIRESHARK.EXEZ
Source: file.exe, 00000001.00000003.1717288320.00000214FFC64000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1717864531.00000214FFC84000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: PROCESSHACKER.EXEZ
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: DVMUSRVC.EXE
Source: file.exe, 00000001.00000003.1717288320.00000214FFC64000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1717864531.00000214FFC84000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: XENSERVICE.EXEZ
Source: file.exe, 00000001.00000003.1717864531.00000214FFC84000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OLLYDBG.EXEZ
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OLLYDBG.EXE
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: DWIRESHARK.EXE
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMUSRVC.EXE
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: DXENSERVICE.EXE
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: DOLLYDBG.EXE
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: DQEMU-GA.EXE
Source: file.exe, 00000001.00000003.1717288320.00000214FFC64000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1717864531.00000214FFC84000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMUSRVC.EXEZ
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: FIDDLER.EXE
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: XENSERVICE.EXE
Source: file.exe, 00000001.00000003.1717864531.00000214FFC84000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: FIDDLER.EXEZ
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: DPROCESSHACKER.EXE
Source: file.exe, 00000001.00000003.1717288320.00000214FFC64000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1717864531.00000214FFC84000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: X64DBG.EXEZ
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: WIRESHARK.EXE

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00007FFE013F8816 sgdt fword ptr [rax]

1_2_00007FFE013F8816

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_ghash_clmul.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\PublicKey\_curve25519.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\_wmi.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_MD5.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_BLAKE2s.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_aes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_SHA224.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_des3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_cfb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Util\_strxor.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Math\_modexp.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_poly1305.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\_overlapped.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_SHA1.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_SHA384.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_SHA256.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_ctr.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\_sqlite3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\python313.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\PublicKey\_ed448.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_MD4.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\win32\win32crypt.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_ARC4.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_chacha20.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\charset_normalizer\md__mypyc.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_cast.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_pkcs1_decode.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_SHA512.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_cbc.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\_multiprocessing.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_aesni.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\charset_normalizer\md.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_eksblowfish.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_Salsa20.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_MD2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_blowfish.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_RIPEMD160.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_BLAKE2b.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\pyexpat.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\PublicKey\_curve448.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Protocol\_scrypt.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\PublicKey\_ed25519.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_arc2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_ghash_portable.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_keccak.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\PublicKey\_ec_ws.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Util\_cpuid_c.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\_asyncio.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_ofb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_ocb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\_cffi_backend.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_des.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_ecb.pyd	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_0-18183

Source: C:\Users\user\Desktop\file.exe

API coverage: 2.1 %

Source: C:\Windows\System32\dxdiag.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS

Source: C:\Windows\System32\dxdiag.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem

Source: C:\Windows\System32\dxdiag.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\dxdiag.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF083C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	0_2_00007FF6BAF083C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF09280 FindFirstFileExW,FindClose,	0_2_00007FF6BAF09280
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF21874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00007FF6BAF21874
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF09280 FindFirstFileExW,FindClose,	1_2_00007FF6BAF09280
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF083C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	1_2_00007FF6BAF083C0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF21874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	1_2_00007FF6BAF21874

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_00007FFDFF1A1230 GetSystemInfo,

1_2_00007FFDFF1A1230

Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vboxtray.exe
Source: file.exe, 00000000.00000003.1689562884.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: file.exe, 00000001.00000003.1717864531.00000214FFC84000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmtoolsd.exez
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmwaretray.exe
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmusrvc.exe
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: dvmusrvc.exe
Source: file.exe, 00000001.00000003.1717864531.00000214FFC84000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmsrvc.exez
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmtoolsd.exe
Source: file.exe, 00000001.00000003.1717288320.00000214FFC64000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1717864531.00000214FFC84000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Videoz
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: dvmwaretray.exe
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: qemu-ga.exe
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: dqemu-ga.exe
Source: file.exe, 00000001.00000003.1717288320.00000214FFC64000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1717864531.00000214FFC84000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: qemu-ga.exez
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: dVMware SVGA 3D
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: dvboxtray.exe
Source: file.exe, 00000001.00000003.1717864531.00000214FFC84000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware SVGA 3Dz
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: dvmtoolsd.exe
Source: file.exe, 00000001.00000003.1717288320.00000214FFC64000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1717864531.00000214FFC84000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vboxtray.exez
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: dvboxservice.exe
Source: file.exe, 00000001.00000003.1717864531.00000214FFC84000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vboxservice.exez
Source: file.exe, 00000001.00000002.2147630243.00000214FFD80000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: dro.kernel.qemu
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmwareuser.exe
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMware SVGA 3D
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Video
Source: file.exe, 00000001.00000003.1717864531.00000214FFC84000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmwareuser.exez
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: dvmsrvc.exe
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: dMicrosoft Hyper-V Video
Source: file.exe, 00000001.00000003.2110863930.00000214FF9A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWS
Source: file.exe, 00000001.00000003.1717288320.00000214FFC64000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1717864531.00000214FFC84000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmusrvc.exez
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: dvmwareuser.exe
Source: file.exe, 00000001.00000002.2147630243.00000214FFD80000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: ro.kernel.qemu
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmsrvc.exe
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vboxservice.exe
Source: file.exe, 00000001.00000003.1717864531.00000214FFC84000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmwaretray.exez

Source: C:\Windows\System32\dxdiag.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF6BAF0D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FF6BAF0D12C

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF6BAF23480 GetProcessHeap,

0_2_00007FF6BAF23480

Source: C:\Windows\System32\taskkill.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF0D30C SetUnhandledExceptionFilter,	0_2_00007FF6BAF0D30C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF0C8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00007FF6BAF0C8A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF0D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF6BAF0D12C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF6BAF1A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF6BAF1A614
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF0D30C SetUnhandledExceptionFilter,	1_2_00007FF6BAF0D30C
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF0C8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_00007FF6BAF0C8A0
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF0D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00007FF6BAF0D12C
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FF6BAF1A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00007FF6BAF1A614
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFDFF2C2920 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_00007FFDFF2C2920
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE01302C90 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_00007FFE01302C90
Source: C:\Users\user\Desktop\file.exe	Code function: 1_2_00007FFE01303248 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00007FFE01303248

HIPS / PFW / Operating System Protection Evasion

Maps a DLL or memory area into another process

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Section loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe protection: readonly

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "dxdiag /t C:\Users\user\AppData\Local\Bunny\Info.txt"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\dxdiag.exe dxdiag /t C:\Users\user\AppData\Local\Bunny\Info.txt	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exe			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF6BAF29570 cpuid

0_2_00007FF6BAF29570

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\PublicKey VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\PublicKey VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\PublicKey VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Util VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools\_vendor\importlib_metadata-8.0.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\_ctypes.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\_bz2.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\_lzma.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\_queue.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\_hashlib.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\_socket.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\select.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\_ssl.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools\_vendor\jaraco\text\Lorem ipsum.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools\_vendor\jaraco\text\Lorem ipsum.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\charset_normalizer\md.cp313-win_amd64.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\charset_normalizer\md__mypyc.cp313-win_amd64.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\unicodedata.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\win32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\pywin32_system32 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922\setuptools\_vendor VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29922 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0110~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\dxdiag.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0110~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF6BAF0D010 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF6BAF0D010

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF6BAF25C00 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,

0_2_00007FF6BAF25C00

Source: C:\Windows\System32\dxdiag.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OllyDbg.exe
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Wireshark.exe
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: wireshark.exe
Source: file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: ollydbg.exe

Stealing of Sensitive Information

Yara detected Telegram RAT

Source: Yara match	File source: 00000001.00000003.1717288320.00000214FFC64000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.1717864531.00000214FFC84000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 2108, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\epapihdplajcdnnkdeiahlgigofloibg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ebfidpplhabeedpnhjnobghokpiioolj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\passwords.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hmeobnfnfcmdkdcmlblgagmfpfboieaf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\webdata.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cgeeodpfagjceefieflmdfphplkenlfk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\khpkpbbcccdmmclmpigdgddabeilkdpd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pdadjkfkgcafgbceimcpbkalnfnepbnk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mgffkfbidihjpoaomajlbgchddlicgpn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mdjmfdffdcmnoblignmgpommbefadffd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nphplpgoakhhjchkkhmiggakijnkhfnd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhilaheimglignddkjgofkcbgekhenbh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9876 --profile-directory=Default --remote-allow-origins=* --window-position=10000,10000 --window-size=1,1 --disable-gpu --no-sandbox

Yara detected Telegram RAT

Source: Yara match	File source: 00000001.00000003.1717288320.00000214FFC64000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.1717864531.00000214FFC84000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 2108, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	231 Windows Management Instrumentation	1 LSASS Driver	1 LSASS Driver	1 Disable or Modify Tools	1 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	1 Input Capture	2 File and Directory Discovery	Remote Desktop Protocol	1 Data from Local System	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	2 Obfuscated Files or Information	Security Account Manager	145 System Information Discovery	SMB/Windows Admin Shares	1 Input Capture	21 Encrypted Channel	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	111 Process Injection	1 Timestomp	NTDS	451 Security Software Discovery	Distributed Component Object Model	Input Capture	1 Remote Access Software	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	23 Virtualization/Sandbox Evasion	SSH	Keylogging	3 Non-Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Extra Window Memory Injection	Cached Domain Credentials	1 Process Discovery	VNC	GUI Input Capture	4 Application Layer Protocol	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Masquerading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	23 Virtualization/Sandbox Evasion	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	111 Process Injection	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	13%	ReversingLabs

Dropped Files

Source	Detection	Scanner
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_ARC4.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_Salsa20.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_chacha20.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_pkcs1_decode.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_aes.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_aesni.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_arc2.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_blowfish.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_cast.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_cbc.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_cfb.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_ctr.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_des.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_des3.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_ecb.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_eksblowfish.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_ocb.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_raw_ofb.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_BLAKE2b.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_BLAKE2s.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_MD2.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_MD4.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_MD5.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_RIPEMD160.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_SHA1.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_SHA224.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_SHA256.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_SHA384.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_SHA512.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_ghash_clmul.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_ghash_portable.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_keccak.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Hash\_poly1305.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Math\_modexp.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Protocol\_scrypt.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\PublicKey\_curve25519.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\PublicKey\_curve448.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\PublicKey\_ec_ws.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\PublicKey\_ed25519.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\PublicKey\_ed448.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Util\_cpuid_c.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Util\_strxor.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\VCRUNTIME140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\VCRUNTIME140_1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\_asyncio.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\_bz2.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\_cffi_backend.cp313-win_amd64.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\_ctypes.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\_decimal.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\_hashlib.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\_lzma.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\_multiprocessing.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\_overlapped.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\_queue.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\_socket.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\_sqlite3.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\_ssl.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\_wmi.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\charset_normalizer\md.cp313-win_amd64.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\charset_normalizer\md__mypyc.cp313-win_amd64.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\libcrypto-3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\libffi-8.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\libssl-3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\pyexpat.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\python313.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\pywin32_system32\pywintypes313.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\select.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\sqlite3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\unicodedata.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI29922\win32\win32crypt.pyd	0%	ReversingLabs

Name	IP	Active	Malicious	Reputation
s-part-0012.t-0009.t-msedge.net	13.107.246.40	true	false	high
chrome.cloudflare-dns.com	172.64.41.3	true	false	high
api.myip.com	104.26.8.59	true	false	high
sb.scorecardresearch.com	18.165.220.106	true	false	high
www.google.com	142.250.181.100	true	false	high
api.telegram.org	149.154.167.220	true	false	high
googlehosted.l.googleusercontent.com	142.250.181.65	true	false	high
clients2.googleusercontent.com	unknown	unknown	false	high
bzib.nelreports.net	unknown	unknown	false	high
assets.msn.com	unknown	unknown	false	high
c.msn.com	unknown	unknown	false	high
ntp.msn.com	unknown	unknown	false	high
api.msn.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-2.2.2&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732223371000&w=0&anoncknm=app_anon	false		high
https://assets2.msn.com/bundles/v1/edgeChromium/latest/vendors.7e27cca6027b8d6697cb.js	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://github.com/urllib3/urllib3/issues/29200	file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	false	high
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf	file.exe, 00000001.00000003.2118660997.0000021481A80000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120640970.0000021481A9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120458140.0000021481A98000.00000004.00000020.00020000.00000000.sdmp	false	high
https://api.telegram.org/bot	file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	false	high
https://github.com/astral-sh/ruff	file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	false	high
https://api.telegram.org/botz	file.exe, 00000001.00000003.1717288320.00000214FFC64000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1717864531.00000214FFC84000.00000004.00000020.00020000.00000000.sdmp	false	high
https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages	file.exe, 00000001.00000002.2145583592.00000214FF880000.00000004.00001000.00020000.00000000.sdmp	false	high
https://github.com/mhammond/pywin32	file.exe, file.exe, 00000001.00000002.2153038343.00007FFE0C0C2000.00000002.00000001.01000000.0000002C.sdmp, file.exe, 00000001.00000002.2153238930.00007FFE0CFAF000.00000002.00000001.01000000.0000002B.sdmp	false	high
https://github.com/python/importlib_metadata/actions/workflows/main.yml/badge.svg	file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	false	high
https://github.com/python/importlib_metadata	file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	false	high
https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/charliermarsh/ruff/main/assets	file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	false	high
https://github.com/python/importlib_metadata/issues	file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	false	high
http://repository.swisssign.com/0	file.exe, 00000001.00000003.2109315370.00000214FF9EA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114732194.00000214FFA0B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107454781.00000214FF9E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107397737.00000214FF9E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FF9CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105994467.00000214FF9CF000.00000004.00000020.00020000.00000000.sdmp	false	high
https://setuptools.pypa.io/en/latest/	file.exe, 00000001.00000002.2138700348.0000021481710000.00000004.00001000.00020000.00000000.sdmp	false	high
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#	file.exe, 00000001.00000002.2142886417.00000214FEAD4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106756868.00000214FEA98000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118042942.00000214FEACB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109007109.00000214FEAC6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2128059773.00000214FF24C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2143783583.00000214FF24C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2128304849.00000214FEACF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2126900082.00000214FF249000.00000004.00000020.00020000.00000000.sdmp	false	high
https://wheel.readthedocs.io/en/stable/news.html	file.exe, 00000000.00000003.1697117929.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	false	high
https://packaging.python.org/en/latest/specifications/recording-installed-packages/#the-record-file	file.exe, 00000001.00000003.2110031802.00000214FFB16000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105909756.00000214FFB13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1720121317.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146402786.00000214FFB1A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1718518630.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2126663400.00000214FFB16000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105385058.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://importlib-metadata.readthedocs.io/	file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	false	high
https://tools.ietf.org/html/rfc2388#section-4.4	file.exe, 00000001.00000003.2112994189.00000214FFBDF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104502886.00000214FFBDD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2119048801.00000214FFBE0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1721247684.00000214FFB8A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110277873.00000214FFBDE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106175292.00000214FFBDE000.00000004.00000020.00020000.00000000.sdmp	false	high
https://packaging.python.org/en/latest/specifications/core-metadata/	file.exe, 00000001.00000002.2138700348.0000021481710000.00000004.00001000.00020000.00000000.sdmp	false	high
https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64	file.exe, 00000001.00000003.2137051242.00000214FF761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2134871251.00000214FF761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2102717771.00000214FF598000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107105975.00000214FF741000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1715202312.00000214FF751000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1713395830.00000214FF751000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1714909364.00000214FF750000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2108261439.00000214FF742000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1711533233.00000214FF761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110787152.00000214FF756000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2117848011.00000214FF75C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107053201.00000214FF72E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2111485567.00000214FF75A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1714479771.00000214FF74A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1710765564.00000214FF761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104292483.00000214FF72D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1717951813.00000214FF74A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1712356307.00000214FF761000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109211449.00000214FF74F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1715930556.00000214FF74A000.00000004.00000020.00020000.00000000.sdmp	false	high
https://github.com/pypa/packaging	file.exe, 00000001.00000002.2147814194.00000214FFE80000.00000004.00001000.00020000.00000000.sdmp	false	high
https://packaging.python.org/en/latest/specifications/entry-points/#file-format	file.exe, 00000001.00000003.2110031802.00000214FFB16000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105909756.00000214FFB13000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1720121317.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146402786.00000214FFB1A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1718518630.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2126663400.00000214FFB16000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105385058.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://readthedocs.org/projects/importlib-metadata/badge/?version=latest	file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	false	high
http://crl.dhimyotis.com/certignarootca.crlG	file.exe, 00000001.00000003.2109315370.00000214FF9EA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107454781.00000214FF9E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107397737.00000214FF9E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114304497.00000214FFA2B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FF9CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105994467.00000214FF9CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114974733.00000214FFA44000.00000004.00000020.00020000.00000000.sdmp	false	high
https://refspecs.linuxfoundation.org/elf/gabi4	file.exe, 00000001.00000002.2147814194.00000214FFE80000.00000004.00001000.00020000.00000000.sdmp	false	high
https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages0	file.exe, 00000001.00000002.2145583592.00000214FF880000.00000004.00001000.00020000.00000000.sdmp	false	high
https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963	file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	false	high
http://cacerts.digi	file.exe, 00000000.00000003.1698625559.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1688855381.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	false	high
https://blog.jaraco.com/skeleton	file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	false	high
https://tools.ietf.org/html/rfc3610	file.exe, 00000001.00000003.2118660997.0000021481A80000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120458140.0000021481A98000.00000004.00000020.00020000.00000000.sdmp	false	high
https://github.com/platformdirs/platformdirs	file.exe, 00000001.00000002.2138437431.0000021481510000.00000004.00001000.00020000.00000000.sdmp	false	high
https://peps.python.org/pep-0205/	file.exe, 00000001.00000003.1704045249.00000214FF241000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2145484367.00000214FF780000.00000004.00001000.00020000.00000000.sdmp	false	high
http://crl.dhimyotis.com/certignarootca.crl	file.exe, 00000001.00000003.2109315370.00000214FF9EA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107454781.00000214FF9E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107397737.00000214FF9E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114304497.00000214FFA2B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146001431.00000214FFA4F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FF9CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105994467.00000214FF9CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114974733.00000214FFA44000.00000004.00000020.00020000.00000000.sdmp	false	high
http://ocsp.accv.es	file.exe, 00000001.00000003.2109315370.00000214FF9EA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107454781.00000214FF9E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107397737.00000214FF9E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114304497.00000214FFA2B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FF9CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105994467.00000214FF9CF000.00000004.00000020.00020000.00000000.sdmp	false	high
https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md	file.exe, 00000000.00000003.1697117929.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	false	high
https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr;	file.exe, 00000001.00000003.1709784973.00000214FF9C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1709627369.00000214FF981000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1709627369.00000214FF9C0000.00000004.00000020.00020000.00000000.sdmp	false	high
https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename	file.exe, 00000001.00000002.2143166246.00000214FEFE0000.00000004.00001000.00020000.00000000.sdmp	false	high
https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy	file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	false	high
https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688	file.exe, 00000001.00000002.2143166246.00000214FF064000.00000004.00001000.00020000.00000000.sdmp	false	high
https://httpbin.org/get	file.exe, 00000001.00000003.2130839175.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2123530256.00000214FF637000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2102717771.00000214FF598000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFB3F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2137480353.00000214FFB6A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146114251.00000214FFAB7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105574677.00000214FF5CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106351524.00000214FFAA6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146673781.00000214FFB72000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105385058.00000214FFAA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2137845154.00000214FFB71000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118227425.00000214FFB61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110578380.00000214FFB4A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121594121.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFAA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121798487.00000214FFBB4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2111364823.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107513071.00000214FF614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109613829.00000214FF630000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2126122145.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp	false	high
https://packaging.python.org/en/latest/specifications/entry-points/	file.exe, 00000001.00000002.2138569145.0000021481610000.00000004.00001000.00020000.00000000.sdmp	false	high
http://cacerts.dig	file.exe, 00000000.00000003.1688704118.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1687289332.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	false	high
https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access	file.exe, 00000001.00000003.1709784973.00000214FF9C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1712550325.00000214FF5A8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2102717771.00000214FF598000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1713684540.00000214FF598000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105574677.00000214FF5CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1711744635.00000214FF5A8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1709711006.00000214FF748000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1713914068.00000214FF5A7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1714479771.00000214FF598000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1709687097.00000214FF75A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110113331.00000214FF5CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1709627369.00000214FF9C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2115614251.00000214FF5CD000.00000004.00000020.00020000.00000000.sdmp	false	high
https://pypi.org/project/build/).	file.exe, 00000001.00000002.2138569145.0000021481610000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000002.2138700348.0000021481710000.00000004.00001000.00020000.00000000.sdmp	false	high
https://api.telegram.org/bot8095725853/senddocument?chat_id=7027613045%3aaagx3rpo-1uhb195if6jixakjyp	file.exe, 00000001.00000002.2141249438.0000021482314000.00000004.00001000.00020000.00000000.sdmp	false	high
https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code	file.exe, 00000001.00000002.2143166246.00000214FEFE0000.00000004.00001000.00020000.00000000.sdmp	false	high
https://wwww.certigna.fr/autorites/0m	file.exe, 00000001.00000003.2109315370.00000214FF9EA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107454781.00000214FF9E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107397737.00000214FF9E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114304497.00000214FFA2B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146001431.00000214FFA4F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FF9CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105994467.00000214FF9CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114974733.00000214FFA44000.00000004.00000020.00020000.00000000.sdmp	false	high
https://github.com/pypa/wheel	file.exe, 00000000.00000003.1697117929.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.python.org/dev/peps/pep-0427/	file.exe, 00000000.00000003.1697117929.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	false	high
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader	file.exe, 00000001.00000002.2142886417.00000214FEAD4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106756868.00000214FEA98000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118042942.00000214FEACB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109007109.00000214FEAC6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2128059773.00000214FF24C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2143783583.00000214FF24C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2128304849.00000214FEACF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2126900082.00000214FF249000.00000004.00000020.00020000.00000000.sdmp	false	high
http://foo/bar.tgz	file.exe, 00000001.00000002.2147814194.00000214FFE80000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000003.1716455558.00000214FFABC000.00000004.00000020.00020000.00000000.sdmp	false	high
https://github.com/python/cpython/issues/86361.	file.exe, 00000001.00000003.1715930556.00000214FF648000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104354364.00000214FF67F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105284932.00000214FF709000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2102717771.00000214FF598000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105155606.00000214FF68F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107596886.00000214FF70D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1715063817.00000214FF6FF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1714479771.00000214FF6FF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118404849.00000214FF70F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1712550325.00000214FF5E4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104432399.00000214FF683000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1713395830.00000214FF6FF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1712550325.00000214FF589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1719024425.00000214FF637000.00000004.00000020.00020000.00000000.sdmp	false	high
https://httpbin.org/	file.exe, 00000001.00000003.2104762804.00000214FFB8A000.00000004.00000020.00020000.00000000.sdmp	false	high
https://wwww.certigna.fr/autorites/	file.exe, 00000001.00000002.2147553373.00000214FFD5C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114067886.00000214FFD3F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2101914863.00000214FFD22000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118513741.00000214FFD5C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gz	file.exe, 00000001.00000003.1715930556.00000214FF648000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2102717771.00000214FF598000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2116206020.00000214FF73A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107053201.00000214FF72E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109747468.00000214FF731000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2132429266.00000214FF73C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2108710356.00000214FF72E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104292483.00000214FF72D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1719024425.00000214FF637000.00000004.00000020.00020000.00000000.sdmp	false	high
https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module	file.exe, 00000001.00000002.2143166246.00000214FEFE0000.00000004.00001000.00020000.00000000.sdmp	false	high
https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches	file.exe, 00000001.00000002.2143166246.00000214FEFE0000.00000004.00001000.00020000.00000000.sdmp	false	high
https://docs.python.org/3/reference/import.html#finders-and-loaders	file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	false	high
https://github.com/pypa/setuptools/issues/new?template=distutils-deprecation.yml0	file.exe, 00000001.00000002.2138437431.0000021481510000.00000004.00001000.00020000.00000000.sdmp	false	high
https://img.shields.io/badge/skeleton-2024-informational	file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	false	high
https://packaging.python.org/en/latest/guides/packaging-namespace-packages/.	file.exe, 00000001.00000002.2138700348.0000021481710000.00000004.00001000.00020000.00000000.sdmp	false	high
https://packaging.python.org/en/latest/specifications/pyproject-toml/#declaring-project-metadata-the	file.exe, 00000001.00000002.2146441900.00000214FFB3F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFB3F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1718518630.00000214FFB3F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2113962803.00000214FFB3F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1721247684.00000214FFB3F000.00000004.00000020.00020000.00000000.sdmp	false	high
http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535	file.exe, 00000001.00000003.1722215740.00000214FFC97000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104230165.00000214FFC8D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFB3F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2117528067.00000214FFC92000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107937864.00000214FFC8E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110578380.00000214FFB4A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2147301932.00000214FFC98000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103312630.00000214FFC7A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118761418.00000214FFC92000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1721247684.00000214FFB3F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2122249938.00000214FFC94000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2111847758.00000214FFC91000.00000004.00000020.00020000.00000000.sdmp	false	high
https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy	file.exe, 00000001.00000002.2142886417.00000214FEAD4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106756868.00000214FEA98000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118042942.00000214FEACB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109007109.00000214FEAC6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2128059773.00000214FF24C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2143783583.00000214FF24C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2128304849.00000214FEACF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2126900082.00000214FF249000.00000004.00000020.00020000.00000000.sdmp	false	high
http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-76	file.exe, 00000001.00000003.2123530256.00000214FF637000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2102717771.00000214FF598000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118660997.0000021481A80000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2122134839.0000021481AAB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105574677.00000214FF5CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121671472.0000021481A9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2140592282.0000021481BD1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2139836782.0000021481AAF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120640970.0000021481A9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120458140.0000021481A98000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107513071.00000214FF614000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109613829.00000214FF630000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107003138.00000214FF60E000.00000004.00000020.00020000.00000000.sdmp	false	high
https://docs.python.org/3/library/multiprocessing.html	file.exe, 00000001.00000003.1717288320.00000214FFC64000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1718518630.00000214FFAB7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106351524.00000214FFAA6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105385058.00000214FFAA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFAA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2132122047.00000214FFAD0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1720121317.00000214FFAB7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2127810264.00000214FFAC1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2116526106.00000214FFAC0000.00000004.00000020.00020000.00000000.sdmp	false	high
https://github.com/pypa/setuptools/issues/417#issuecomment-392298401	file.exe, 00000001.00000002.2138569145.0000021481610000.00000004.00001000.00020000.00000000.sdmp	false	high
https://packaging.python.org/en/latest/specifications/core-metadata/#core-metadata	file.exe, 00000001.00000002.2138569145.0000021481610000.00000004.00001000.00020000.00000000.sdmp	false	high
http://crl.securetrust.com/STCA.crl	file.exe, 00000001.00000003.2130648026.00000214FFD22000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2147473239.00000214FFD37000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2101914863.00000214FFD22000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2136299831.00000214FFD25000.00000004.00000020.00020000.00000000.sdmp	false	high
http://wwwsearch.sf.net/):	file.exe, 00000001.00000003.1722215740.00000214FFC97000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104230165.00000214FFC8D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2117528067.00000214FFC92000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107937864.00000214FFC8E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2135904756.00000214FFCA3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103312630.00000214FFC7A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118761418.00000214FFC92000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2122249938.00000214FFC94000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2147341704.00000214FFCA4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2111847758.00000214FFC91000.00000004.00000020.00020000.00000000.sdmp	false	high
http://csrc.nist.gov/publications/nistpubs/80	file.exe, 00000001.00000002.2139722360.0000021481A93000.00000004.00000020.00020000.00000000.sdmp	false	high
https://github.com/python/importlib_metadata/wiki/Development-Methodology	file.exe, 00000001.00000002.2147630243.00000214FFD80000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000003.1714479771.00000214FF598000.00000004.00000020.00020000.00000000.sdmp	false	high
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0	file.exe, 00000001.00000003.2130839175.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146114251.00000214FFAB7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109315370.00000214FF9EA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106351524.00000214FFAA6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105385058.00000214FFAA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121594121.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFAA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2111364823.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107454781.00000214FF9E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2126122145.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107397737.00000214FF9E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114304497.00000214FFA2B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FF9CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105994467.00000214FF9CF000.00000004.00000020.00020000.00000000.sdmp	false	high
http://www.accv.es/legislacion_c.htm	file.exe, 00000001.00000003.2109315370.00000214FF9EA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107454781.00000214FF9E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107397737.00000214FF9E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114304497.00000214FFA2B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FF9CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105994467.00000214FF9CF000.00000004.00000020.00020000.00000000.sdmp	false	high
http://tools.ietf.org/html/rfc6125#section-6.4.3	file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	false	high
http://crl.xrampsecurity.com/XGCA.crl0	file.exe, 00000001.00000003.2136050933.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2117277157.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106351524.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146285438.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2116526106.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105385058.00000214FFB0D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://bugs.python.org/issue44497.	file.exe, 00000001.00000002.2138569145.0000021481610000.00000004.00001000.00020000.00000000.sdmp	false	high
http://tools.ietf.org/html/rfc5234	file.exe, 00000001.00000003.2108127631.0000021481B51000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2140226897.0000021481B51000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2141476897.00000214824F8000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000003.2122464311.0000021481B51000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2123285656.0000021481B51000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2141476897.0000021482498000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000003.2102396310.0000021481B51000.00000004.00000020.00020000.00000000.sdmp	false	high
http://www.cert.fnmt.es/dpcs/	file.exe, 00000001.00000003.2119974551.00000214FFA51000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109315370.00000214FF9EA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114067886.00000214FFD3F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2101914863.00000214FFD22000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107454781.00000214FF9E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107397737.00000214FF9E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114304497.00000214FFA2B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FF9CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105994467.00000214FF9CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114974733.00000214FFA44000.00000004.00000020.00020000.00000000.sdmp	false	high
https://setuptools.pypa.io/en/latest/pkg_resources.html	file.exe, 00000001.00000003.1709784973.00000214FF9C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1709736637.00000214FF731000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1709822636.00000214FF732000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1709627369.00000214FF9C0000.00000004.00000020.00020000.00000000.sdmp	false	high
https://google.com/mail	file.exe, 00000001.00000003.1721954365.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110863930.00000214FF9A2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146954612.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2117773640.00000214FF9A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104762804.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2113497364.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2116867283.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2125420814.00000214FFC3A000.00000004.00000020.00020000.00000000.sdmp	false	high
https://img.shields.io/pypi/v/importlib_metadata.svg	file.exe, 00000000.00000003.1695061824.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	false	high
https://packaging.python.org/specifications/entry-points/	file.exe, 00000001.00000002.2138569145.0000021481610000.00000004.00001000.00020000.00000000.sdmp	false	high
http://www.accv.es00	file.exe, 00000001.00000003.2130839175.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2146114251.00000214FFAB7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109315370.00000214FF9EA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2106351524.00000214FFAA6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105385058.00000214FFAA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121594121.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FFAA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2111364823.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107454781.00000214FF9E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2126122145.00000214FFAA7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107397737.00000214FF9E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114304497.00000214FFA2B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FF9CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105994467.00000214FF9CF000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.python.org/psf/license/)	file.exe, 00000001.00000002.2150063973.00007FFDFB668000.00000002.00000001.01000000.00000004.sdmp	false	high
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py	file.exe, 00000001.00000003.2126900082.00000214FF249000.00000004.00000020.00020000.00000000.sdmp	false	high
http://www.rfc-editor.org/info/rfc7253	file.exe, 00000001.00000003.2118660997.0000021481A80000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2139780645.0000021481AA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121671472.0000021481A9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120640970.0000021481A9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120458140.0000021481A98000.00000004.00000020.00020000.00000000.sdmp	false	high
https://api.telegram.org/bot8095725853/sendDocument?chat_id=7027613045%3AAAGX3rPO-1UHB195if6JIXakjYP	file.exe, 00000001.00000002.2141249438.0000021482314000.00000004.00001000.00020000.00000000.sdmp	false	high
http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf	file.exe, 00000001.00000003.2118660997.0000021481A80000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120458140.0000021481A98000.00000004.00000020.00020000.00000000.sdmp	false	high
https://foss.heptapod.net/pypy/pypy/-/issues/3539	file.exe, 00000001.00000002.2138836224.0000021481810000.00000004.00001000.00020000.00000000.sdmp	false	high
https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.	file.exe, 00000001.00000003.2110863930.00000214FF9A2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2145807414.00000214FF9C0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2122323104.00000214FF9BD000.00000004.00000020.00020000.00000000.sdmp	false	high
http://google.com/	file.exe, 00000001.00000003.2119974551.00000214FFA51000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109315370.00000214FF9EA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1721880040.00000214FFA49000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1720121317.00000214FFA1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1721247684.00000214FFB3F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107454781.00000214FF9E9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121180025.00000214FFA54000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107397737.00000214FF9E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114304497.00000214FFA2B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103643359.00000214FF9CE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2105994467.00000214FF9CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2114974733.00000214FFA44000.00000004.00000020.00020000.00000000.sdmp	false	high
https://mahler:8092/site-updates.py	file.exe, 00000001.00000003.1715930556.00000214FF648000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104354364.00000214FF67F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2102717771.00000214FF598000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107596886.00000214FF680000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1719024425.00000214FF637000.00000004.00000020.00020000.00000000.sdmp	false	high
http://crl.securetrust.com/SGCA.crl	file.exe, 00000001.00000003.2130648026.00000214FFD22000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.2147473239.00000214FFD37000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2101914863.00000214FFD22000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2136299831.00000214FFD25000.00000004.00000020.00020000.00000000.sdmp	false	high
https://tools.ietf.org/html/rfc7231#section-4.3.6)	file.exe, 00000001.00000003.2102717771.00000214FF598000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107105975.00000214FF741000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2108261439.00000214FF742000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110787152.00000214FF756000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107053201.00000214FF72E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2104292483.00000214FF72D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1717951813.00000214FF74A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2109211449.00000214FF74F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1715930556.00000214FF74A000.00000004.00000020.00020000.00000000.sdmp	false	high
http://tools.ietf.org/html/rfc5869	file.exe, 00000001.00000003.2123857047.0000021481A51000.00000004.00000020.00020000.00000000.sdmp	false	high
http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html	file.exe, 00000001.00000003.2104230165.00000214FFC8D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118660997.0000021481A80000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2110863930.00000214FF9A2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121671472.0000021481A9F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2117528067.00000214FFC92000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2107937864.00000214FFC8E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120640970.0000021481A9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2120458140.0000021481A98000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2103312630.00000214FFC7A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2118761418.00000214FFC92000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2122323104.00000214FF9BD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2122249938.00000214FFC94000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2121671472.0000021481A99000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.2111847758.00000214FFC91000.00000004.00000020.00020000.00000000.sdmp	false	high
https://github.com/pypa/wheel/issues	file.exe, 00000000.00000003.1697117929.000001F724DC5000.00000004.00000020.00020000.00000000.sdmp	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
20.25.227.174	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.40	s-part-0012.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.189.173.8	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
18.165.220.106	sb.scorecardresearch.com	United States	3	MIT-GATEWAYSUS	false
23.44.203.19	unknown	United States	20940	AKAMAI-ASN1EU	false
152.195.19.97	unknown	United States	15133	EDGECASTUS	false
149.154.167.220	api.telegram.org	United Kingdom	62041	TELEGRAMRU	false
142.250.181.65	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
172.64.41.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
104.26.8.59	api.myip.com	United States	13335	CLOUDFLARENETUS	false
142.250.181.100	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.65.202	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1560507
Start date and time:	2024-11-21 22:08:09 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 10m 26s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	27
Number of new started drivers analysed:	2
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@72/400@24/15
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 93.184.221.240, 192.229.221.95, 172.217.21.35, 172.217.17.46, 64.233.165.84, 13.107.42.16, 204.79.197.203, 13.107.21.239, 204.79.197.239, 13.107.6.158, 172.165.61.93, 23.32.239.18, 23.32.239.56, 2.16.158.171, 2.16.158.88, 2.16.158.90, 2.16.158.80, 2.16.158.169, 2.16.158.81, 2.16.158.75, 2.16.158.170, 2.16.158.96, 2.19.198.17, 23.32.239.58, 2.16.158.184, 2.16.158.97, 2.16.158.186, 2.16.158.185, 2.16.158.176, 2.16.158.187, 104.126.36.104, 104.126.36.99, 104.126.36.97, 104.126.36.113, 104.126.36.105, 104.126.36.91, 104.126.36.90, 104.126.36.96, 104.126.36.107, 2.16.158.72, 2.16.158.56, 2.16.158.74, 2.16.158.51, 2.16.158.58, 2.16.158.50, 2.16.158.43, 13.74.129.1, 204.79.197.237, 13.107.21.237, 13.87.96.169, 2.16.158.34, 142.250.65.163, 142.251.32.99
Excluded domains from analysis (whitelisted): prod-agic-us-3.uksouth.cloudapp.azure.com, nav-edge.smartscreen.microsoft.com, slscr.update.microsoft.com, a416.dscd.akamai.net, img-s-msn-com.akamaized.net, data-edge.smartscreen.microsoft.com, clientservices.googleapis.com, edgeassetservice.afd.azureedge.net, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, login.live.com, config-edge-skype.l-0007.l-msedge.net, www.gstatic.com, l-0007.l-msedge.net, e28578.d.akamaiedge.net, www.bing.com, assets.msn.com.edgekey.net, fs.microsoft.com, c-bing-com.dual-a-0034.a-msedge.net, prod-atm-wds-edge.trafficmanager.net, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, a1834.dscg2.akamai.net, c.bing.com, edgeassetservice.azureedge.net, clients.l.google.com, config.edge.skype.com.trafficmanager.net, c-msn-com-nsatc.trafficmanager.net, www.bing.com.edgekey.net, th.bing.com, msedge.b.tlu.dl.delivery.mp.microsoft.com, config.edge.skype.com, edge-microsoft-com.dual-a-0036.a-msedge.net, a
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
20.25.227.174	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	S0FTWARE.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Stealc, Vidar	Browse
	FRSSDE.exe	Get hash	malicious	Remcos	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	ArenaWarsSetup.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
13.107.246.40	Payment Transfer Receipt.shtml	Get hash	malicious	HTMLPhisher	Browse	www.aib.gov.uk/
	NEW ORDER.xls	Get hash	malicious	Unknown	Browse	2s.gg/3zs
	PO_OCF 408.xls	Get hash	malicious	Unknown	Browse	2s.gg/42Q
	06836722_218 Aluplast.docx.doc	Get hash	malicious	Unknown	Browse	2s.gg/3zk
	Quotation.xls	Get hash	malicious	Unknown	Browse	2s.gg/3zM
20.189.173.8	96c27caf-3816-d26f-4af5-19e1d76e6c15.eml	Get hash	malicious	HTMLPhisher	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
	Untitled.msg	Get hash	malicious	Phisher	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	https://tcmedcenter-my.sharepoint.com/:f:/g/personal/jessica_larson_tcmedcenter_org/Ek1X93Tsfp5KoiWqKbJ_ocQBqlE2wGVJqWkJh4H7mn0vuw?e=Yni2o7	Get hash	malicious	Unknown	Browse
	https://forms.office.com/Pages/ResponsePage.aspx?id=4mPIUn7HtEOifSf_jkD9akHPEdQOqpJDoTs5yuUf8txUMEFQTE42TU03SUJBSU84VTY3MEtFR1JaUS4u	Get hash	malicious	HTMLPhisher	Browse
	Axactor Microsoft - Introduksjonsm#U00f8te.msg	Get hash	malicious	EvilProxy	Browse
	https://url.uk.m.mimecastprotect.com/s/879wCp9pjInpwnDHPf7CG_Zsy?domain=aerographicsut-my.sharepoint.com	Get hash	malicious	HTMLPhisher	Browse
	https://file365-cloud.s3.eu-west-2.amazonaws.com/ML+Payment+05323.pdf	Get hash	malicious	HTMLPhisher	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
api.myip.com	file.exe	Get hash	malicious	LummaC, Ailurophile Stealer, Amadey, LummaC Stealer, Stealc	Browse	104.26.9.59
	file.exe	Get hash	malicious	Ailurophile Stealer	Browse	104.26.8.59
	installer.exe	Get hash	malicious	Unknown	Browse	172.67.75.163
	installer.exe	Get hash	malicious	Unknown	Browse	172.67.75.163
	installer.exe	Get hash	malicious	Unknown	Browse	172.67.75.163
	installer.exe	Get hash	malicious	Unknown	Browse	104.26.8.59
	ZoomInstaller.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	ZoomInstaller.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	file.exe	Get hash	malicious	LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer	Browse	104.26.9.59
	gHPYUEh253.exe	Get hash	malicious	Djvu, Neoreklami, Stealc, Vidar, Xmrig	Browse	104.26.8.59
chrome.cloudflare-dns.com	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	162.159.61.3
	1732215862df90b858ebf82740ce134fb5917becbb3385f4dfc36cbe28d6e90709df01f065739.dat-decoded.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse	162.159.61.3
	S0FTWARE.exe	Get hash	malicious	Stealc, Vidar	Browse	162.159.61.3
	wE1inOhJA5.msi	Get hash	malicious	Remcos, RHADAMANTHYS	Browse	172.64.41.3
	test2.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	172.64.41.3
	test2.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	E89hSGjVrv.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
s-part-0012.t-0009.t-msedge.net	https://www.cognitoforms.com/f/fWhXKikFUk-rIZ2zs1gjVw/1	Get hash	malicious	Unknown	Browse	13.107.246.40
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	13.107.246.40
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse	13.107.246.40
	file.exe	Get hash	malicious	Credential Flusher	Browse	13.107.246.40
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.40
	http://iglawfirm.com/services/antai-fr/	Get hash	malicious	Unknown	Browse	13.107.246.40
	http://sales-agreement-carpal-relative.s3.amazonaws.com/payout/completed/SEKTJGJFFJlfkdjklm4GHKHKYKFLFL/onedrive.html	Get hash	malicious	Unknown	Browse	13.107.246.40
	https://email.oxblue.com/e3t/Ctc/Q+113/cdDrv04/VXdfjN46m5dxW4GJlKB4fd0DdW2sbCLr5lTFq6N7Hm8xT3qgyTW7Y8-PT6lZ3lzW1ccS1H8Y8rzXW1hrlTV77h1NhW5_pVzH8bsnn6W1PWxqV8D5TN_W4_z5yx2Cz_4sMrZF-GqDHzcW8pZQ3N3BhYgKW3tmwg72n4TxDW4fS46V1-s7dgW57YVF64HfrMMW2BxxC75X21XdW1nBYw_1PMVGyW8s_YKQ6BTQZmW8wDJ4k3-yNbbW2_BGfy66mfVdW937hqt5kq1CcW4XD3mN54BQSWW4G8TK98NTx7zW74frv25zlZbQW5ztJ6n6fGJFrMSqBjr36qwYW2tk9Xh21wMKrW5RXwDq1M2mmrW3nyq_P20wBvNN8-tVH1nqcD1W5m3Vz04sj9CQf2ygfDq04	Get hash	malicious	Unknown	Browse	13.107.246.40
	https://blackearthpavement-my.sharepoint.com/:f:/p/justin/Ers-Js2n9AROj9DUuizyNWABOVK5z1CJ653Ryc0SphjDRg?e=3ZQaIF	Get hash	malicious	Unknown	Browse	13.107.246.40
	DofusInvoker.swf	Get hash	malicious	Unknown	Browse	13.107.246.40

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
MICROSOFT-CORP-MSN-AS-BLOCKUS	FW_ Signature Required For Agreement with ID_41392PJBM8759674.msg	Get hash	malicious	Unknown	Browse	52.109.76.243
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	20.99.185.48
	[EXTERNAL] Oakville shared ''o_akville_853473074_21.11.2024''.eml	Get hash	malicious	Unknown	Browse	20.44.10.123
	https://facial.ws	Get hash	malicious	Unknown	Browse	52.175.244.47
	http://clearview-ps.inwise.net/page_11-21-2024_1	Get hash	malicious	Unknown	Browse	13.107.246.63
	1732215862df90b858ebf82740ce134fb5917becbb3385f4dfc36cbe28d6e90709df01f065739.dat-decoded.exe	Get hash	malicious	Unknown	Browse	13.107.246.63
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	http://www.im-creator.com/viewer/vbid-2a496caa-iwgbu2zx/vbid-f9637b78-lok1anrm	Get hash	malicious	Unknown	Browse	13.107.246.63
	Status Update DXLG.html	Get hash	malicious	Unknown	Browse	40.99.60.2
	https://www.google.com/url?sa=https://r20.rs6.net/tns.jsp?f=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwjU1vfA9siJAxVNh_0HHcggMUkQFnoECB0QAQ&url=amp/s/d7TO.ifvxdvrhe.ru%2FDflmD%2F	Get hash	malicious	Unknown	Browse	40.101.92.18
MICROSOFT-CORP-MSN-AS-BLOCKUS	FW_ Signature Required For Agreement with ID_41392PJBM8759674.msg	Get hash	malicious	Unknown	Browse	52.109.76.243
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	20.99.185.48
	[EXTERNAL] Oakville shared ''o_akville_853473074_21.11.2024''.eml	Get hash	malicious	Unknown	Browse	20.44.10.123
	https://facial.ws	Get hash	malicious	Unknown	Browse	52.175.244.47
	http://clearview-ps.inwise.net/page_11-21-2024_1	Get hash	malicious	Unknown	Browse	13.107.246.63
	1732215862df90b858ebf82740ce134fb5917becbb3385f4dfc36cbe28d6e90709df01f065739.dat-decoded.exe	Get hash	malicious	Unknown	Browse	13.107.246.63
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	http://www.im-creator.com/viewer/vbid-2a496caa-iwgbu2zx/vbid-f9637b78-lok1anrm	Get hash	malicious	Unknown	Browse	13.107.246.63
	Status Update DXLG.html	Get hash	malicious	Unknown	Browse	40.99.60.2
	https://www.google.com/url?sa=https://r20.rs6.net/tns.jsp?f=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwjU1vfA9siJAxVNh_0HHcggMUkQFnoECB0QAQ&url=amp/s/d7TO.ifvxdvrhe.ru%2FDflmD%2F	Get hash	malicious	Unknown	Browse	40.101.92.18
MICROSOFT-CORP-MSN-AS-BLOCKUS	FW_ Signature Required For Agreement with ID_41392PJBM8759674.msg	Get hash	malicious	Unknown	Browse	52.109.76.243
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	20.99.185.48
	[EXTERNAL] Oakville shared ''o_akville_853473074_21.11.2024''.eml	Get hash	malicious	Unknown	Browse	20.44.10.123
	https://facial.ws	Get hash	malicious	Unknown	Browse	52.175.244.47
	http://clearview-ps.inwise.net/page_11-21-2024_1	Get hash	malicious	Unknown	Browse	13.107.246.63
	1732215862df90b858ebf82740ce134fb5917becbb3385f4dfc36cbe28d6e90709df01f065739.dat-decoded.exe	Get hash	malicious	Unknown	Browse	13.107.246.63
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	http://www.im-creator.com/viewer/vbid-2a496caa-iwgbu2zx/vbid-f9637b78-lok1anrm	Get hash	malicious	Unknown	Browse	13.107.246.63
	Status Update DXLG.html	Get hash	malicious	Unknown	Browse	40.99.60.2
	https://www.google.com/url?sa=https://r20.rs6.net/tns.jsp?f=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwjU1vfA9siJAxVNh_0HHcggMUkQFnoECB0QAQ&url=amp/s/d7TO.ifvxdvrhe.ru%2FDflmD%2F	Get hash	malicious	Unknown	Browse	40.101.92.18
MIT-GATEWAYSUS	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	18.165.220.110
	file.exe	Get hash	malicious	Credential Flusher	Browse	18.66.161.92
	https://cheddar-olive-hospital.glitch.me/home.html	Get hash	malicious	Unknown	Browse	18.66.161.109
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	18.165.220.57
	https://bafkreifkijr4deqnzixvigwgbpmegtl7w7z65bwaf2xegf6wb5oejvy7je.ipfs.flk-ipfs.xyz/#mail@andrejsmanagement.com&c=E,1,7ZfSQ9vAYe7rvB9NwKAqcoBV6_2nCPL09QKb7jG3WYDaiZix9u1hiaulren8GlCVh8tr3ArY61yo0-gZFvLQqJ6pANsbQuIKnEW2EuUntXIIWBvyOuRTAdpQ&typo=1	Get hash	malicious	Unknown	Browse	18.66.161.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	18.66.161.4
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse	18.165.220.57
	S0FTWARE.exe	Get hash	malicious	Stealc, Vidar	Browse	18.165.220.106
	https://bitly.cx/aMW9O9	Get hash	malicious	Unknown	Browse	18.66.122.47
	phish_alert_sp2_2.0.0.0.eml	Get hash	malicious	HTMLPhisher	Browse	18.66.112.41

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	52.149.20.212 40.126.53.9 13.107.246.63 23.218.208.109
	https://cheddar-olive-hospital.glitch.me/home.html	Get hash	malicious	Unknown	Browse	52.149.20.212 40.126.53.9 13.107.246.63 23.218.208.109
	https://facial.ws	Get hash	malicious	Unknown	Browse	52.149.20.212 40.126.53.9 13.107.246.63 23.218.208.109
	https://www.im-creator.com/viewer/vbid-2a496caa-iwgbu2zx/vbid-7e913ffa-lok1anrm	Get hash	malicious	Unknown	Browse	52.149.20.212 40.126.53.9 13.107.246.63 23.218.208.109
	http://main.cloudfronts.net/dns/sshd	Get hash	malicious	Unknown	Browse	52.149.20.212 40.126.53.9 13.107.246.63 23.218.208.109
	https://tronblma3sw.z13.web.core.windows.net/?click_id=2isqs9om0m3rjybj2&tid=903&subid=novatechwheels.com&ref=novatechwheels.com&922%5D	Get hash	malicious	TechSupportScam	Browse	52.149.20.212 40.126.53.9 13.107.246.63 23.218.208.109
	http://powerspecinc.com	Get hash	malicious	Unknown	Browse	52.149.20.212 40.126.53.9 13.107.246.63 23.218.208.109
	https://form.questionscout.com/67127ef13f65b43e0e3a56dc	Get hash	malicious	Unknown	Browse	52.149.20.212 40.126.53.9 13.107.246.63 23.218.208.109
	http://clearview-ps.inwise.net/page_11-21-2024_1	Get hash	malicious	Unknown	Browse	52.149.20.212 40.126.53.9 13.107.246.63 23.218.208.109
	1732215862df90b858ebf82740ce134fb5917becbb3385f4dfc36cbe28d6e90709df01f065739.dat-decoded.exe	Get hash	malicious	Unknown	Browse	52.149.20.212 40.126.53.9 13.107.246.63 23.218.208.109

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_Salsa20.pyd	Payload.exe	Get hash	malicious	Python Stealer, BLX Stealer, XLABB Grabber	Browse
	Payload.exe	Get hash	malicious	Python Stealer, BLX Stealer, XLABB Grabber	Browse
	Creal.exe	Get hash	malicious	Creal Stealer	Browse
	#U0416#U0430#U0440#U043a#U043e#U0432#U0430 .exe	Get hash	malicious	Blank Grabber, Creal Stealer	Browse
	https://t.ly/Oppenheim0511	Get hash	malicious	GO Backdoor	Browse
	RobCheat.exe	Get hash	malicious	Python Stealer, CStealer	Browse
	SecuriteInfo.com.Trojan.PWS.Stealer.39881.9434.15338.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Python.Stealer.1251.9496.6786.exe	Get hash	malicious	Python Stealer, BLX Stealer, XLABB Grabber	Browse
	SecuriteInfo.com.Python.Stealer.1251.9496.6786.exe	Get hash	malicious	Python Stealer, BLX Stealer, XLABB Grabber	Browse
	SecuriteInfo.com.Win64.Malware-gen.32485.11504.exe	Get hash	malicious	Python Stealer, Braodo	Browse
C:\Users\user\AppData\Local\Temp\_MEI29922\Crypto\Cipher\_ARC4.pyd	Payload.exe	Get hash	malicious	Python Stealer, BLX Stealer, XLABB Grabber	Browse
	Payload.exe	Get hash	malicious	Python Stealer, BLX Stealer, XLABB Grabber	Browse
	Creal.exe	Get hash	malicious	Creal Stealer	Browse
	#U0416#U0430#U0440#U043a#U043e#U0432#U0430 .exe	Get hash	malicious	Blank Grabber, Creal Stealer	Browse
	https://t.ly/Oppenheim0511	Get hash	malicious	GO Backdoor	Browse
	RobCheat.exe	Get hash	malicious	Python Stealer, CStealer	Browse
	SecuriteInfo.com.Python.Stealer.1251.9496.6786.exe	Get hash	malicious	Python Stealer, BLX Stealer, XLABB Grabber	Browse
	SecuriteInfo.com.Python.Stealer.1251.9496.6786.exe	Get hash	malicious	Python Stealer, BLX Stealer, XLABB Grabber	Browse
	SecuriteInfo.com.Win64.Malware-gen.32485.11504.exe	Get hash	malicious	Python Stealer, Braodo	Browse
	grA6aqodO5.exe	Get hash	malicious	Python Stealer, CStealer	Browse

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	89
Entropy (8bit):	4.425635223750452
Encrypted:	false
SSDEEP:	3:FJQ/Ji40JSQMJsyPRKcJW5KeBFzwhzdn:ziJi4wEJhPRKcY5JFKx
MD5:	D8A25A825AA88C0A2E46B6A38378DEF6
SHA1:	FA01248E4B1B6CF82C6E40BFFD362D0745CF9CE7
SHA-256:	0539DB0488C9C7B8B8D518F71152874F8CFA26D5236B201687AAED21FF959AB3
SHA-512:	17380E3E76BDD34AC6B660444692B97CF11F76E242130761411DE95E0E088CC455BF31104ABB972EF5CB97AC91192AA813ACFDA429F273CB2D5EAA5911B76B86
Malicious:	false
Preview:	Ailurophile Stealer - Telegram: @Ailurophilevn....No autofills found for Chrome Default..

Process:	C:\Windows\System32\dxdiag.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	85407
Entropy (8bit):	5.206207034371881
Encrypted:	false
SSDEEP:	768:NP9JWMB5MBBVQ6Uc8FgGVoXX7lV6EMR57X3i0hG6gHCXkNEr+aL/FkJOlKwY0:N7chOV2uRoxHtOu0
MD5:	B1E8B01FCED1CE8F3765151B553C8552
SHA1:	F4B57E53FB810B5163A33F34F3B28186E18F84B8
SHA-256:	20E2FDB19A8B4E258E114D90304B660369A8C3B8B7D32559B61BC01A92F6A7AB
SHA-512:	07EAE803CA50323402DA7B300C3851626BFF2DFC38CCA1E36492F4F38E0AC0C7E0150B266C9EAEACE6735E899521DF1CD7FCE636951E3F2AF21CA3761444AB9D
Malicious:	false
Preview:	------------------..System Information..------------------.. Time of this report: 11/21/2024, 16:09:09.. Machine name: 965543.. Machine Id: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}.. Operating System: Windows 10 Pro 64-bit (10.0, Build 19045) (19041.vb_release.191206-1406).. Language: English (Regional Setting: English).. System Manufacturer: HAfoF53L47c7EP .. System Model: v3okLSN6.. BIOS: VMW201.00V.20829224.B64.2211211842 (type: UEFI).. Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (4 CPUs), ~2.0GHz.. Memory: 8192MB RAM.. Available OS Memory: 8192MB RAM.. Page File: 1668MB used, 6523MB available.. Windows Dir: C:\Windows.. DirectX Version: DirectX 12.. DX Setup Parameters: Not found.. User DPI Setting: 96 DPI (100 percent).. System DPI Setting: 96 DPI (100 percent).. DWM DPI Scaling: Disab

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	8126
Entropy (8bit):	5.805289143935525
Encrypted:	false
SSDEEP:	192:asNASXbGpeiRU9/QBk7Skz6qRAq1k8SPxVLZ7VTiq:asNA8GJEYy7v6q3QxVNZTiq
MD5:	9BB85D00E42D94970E2EFF607400B77C
SHA1:	D4732B294F4D0468433231546B496D1E27518EC6
SHA-256:	EAFDA465A4BA4E79CC1F01211DF6333A9505A69ED07F0DE14802FD2DC10781BB
SHA-512:	B14B091A54015887757998A72093C8A04FB0082B071B014FCDA9CCFAB221F69326C61E8AD3CF282669A505DE63E42B278D37699528624A070A1ACD550AB7ABAE
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_mig

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	7.9965124587988745
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	13'960'143 bytes
MD5:	f74588fc6a3342296cbb881d87c17300
SHA1:	de5fccb795f1c2e639e3c48a1e333ac5ae2d45ea
SHA256:	8d9631d40e85203e942106de4530e9ae857849d6a5e38126f338a816b37d461c
SHA512:	6e10468170ea162ab5733b0d16a6f405afcbe22e1a183277c737bfc357ea98a13d55f9fdaf2457e1fe0f3a819f729c650df53b332643809450a5f0185f4292f2
SSDEEP:	393216:w9YiZ+XMCHWUjccuICvR/P0vKfXmsg8YiZdo:w9YiZ+XMb8JE/svKOudo
TLSH:	88E6330857E009DBD9F24438DEA7A569D5BAB8761B71C34F83B863611FA71C08D39A33
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n=..\.Z\.Z\.Za$.[-\.Za$.[.\.Za$.[ \.Z:..Z)\.Z:..[#\.Z:..[;\.Z:..[.\.Za$.[!\.Z\.Z.\.Zb..[3\.Zb..[+\.ZRich*\.Z........PE..d..

Entrypoint:	0x14000cdb0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:	0x673F791A [Thu Nov 21 18:16:58 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	72c4e339b7af8ab1ed2eb3821c98713a

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x3ca5c	0x78	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x47000	0x2bb4	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x44000	0x2250	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x4a000	0x764	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x3a080	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x39f40	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2b000	0x4a0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x29f00	0x2a000	2a7ae207b6295492e9da088072661752	False	0.5514439174107143	data	6.487454925709845	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x2b000	0x12a50	0x12c00	37792ce60144ba4bf48c77ad4995ca80	False	0.524453125	data	5.752609765590365	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x3e000	0x53f8	0xe00	dba0caeecab624a0ccc0d577241601d1	False	0.134765625	data	1.8392217063172436	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x44000	0x2250	0x2400	f5559f14427a02f0a5dbd0dd026cae54	False	0.470703125	data	5.291665041994019	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x47000	0x2bb4	0x2c00	166f211e3c4b04fa6db08502bfa20c59	False	0.13947088068181818	data	3.8228486303254328	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x4a000	0x764	0x800	816c68eeb419ee2c08656c31c06a0fff	False	0.5576171875	data	5.2809528666624175	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x470e8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m	0.08246887966804979
RT_GROUP_ICON	0x49690	0x14	data	1.15
RT_MANIFEST	0x496a4	0x50d	XML 1.0 document, ASCII text	0.4694508894044857

DLL	Import
USER32.dll	CreateWindowExW, ShutdownBlockReasonCreate, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, TranslateMessage, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll
KERNEL32.dll	GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, LCMapStringW, CompareStringW, FlsFree, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, GetEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FlsSetValue, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, CreateDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue
ADVAPI32.dll	OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll	SelectObject, DeleteObject, CreateFontIndirectW

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 21, 2024 22:09:08.801462889 CET	57646	53	192.168.2.4	1.1.1.1
Nov 21, 2024 22:09:09.024184942 CET	53	57646	1.1.1.1	192.168.2.4
Nov 21, 2024 22:09:23.009078026 CET	138	138	192.168.2.4	192.168.2.255
Nov 21, 2024 22:09:23.727057934 CET	53	60360	1.1.1.1	192.168.2.4
Nov 21, 2024 22:09:23.755265951 CET	53	63946	1.1.1.1	192.168.2.4
Nov 21, 2024 22:09:23.873389959 CET	61856	53	192.168.2.4	1.1.1.1
Nov 21, 2024 22:09:23.873523951 CET	60344	53	192.168.2.4	1.1.1.1
Nov 21, 2024 22:09:24.010349035 CET	53	61856	1.1.1.1	192.168.2.4
Nov 21, 2024 22:09:24.010713100 CET	53	60344	1.1.1.1	192.168.2.4
Nov 21, 2024 22:09:29.351800919 CET	54236	53	192.168.2.4	1.1.1.1
Nov 21, 2024 22:09:29.351963997 CET	51742	53	192.168.2.4	1.1.1.1
Nov 21, 2024 22:09:29.433039904 CET	62751	53	192.168.2.4	1.1.1.1
Nov 21, 2024 22:09:29.490521908 CET	53	51742	1.1.1.1	192.168.2.4
Nov 21, 2024 22:09:29.570596933 CET	53	62751	1.1.1.1	192.168.2.4
Nov 21, 2024 22:09:31.865062952 CET	52882	53	192.168.2.4	1.1.1.1
Nov 21, 2024 22:09:31.865178108 CET	51073	53	192.168.2.4	1.1.1.1
Nov 21, 2024 22:09:32.392816067 CET	60340	53	192.168.2.4	1.1.1.1
Nov 21, 2024 22:09:32.392957926 CET	49816	53	192.168.2.4	1.1.1.1
Nov 21, 2024 22:09:32.538373947 CET	53	60340	1.1.1.1	192.168.2.4
Nov 21, 2024 22:09:32.539648056 CET	53	49816	1.1.1.1	192.168.2.4
Nov 21, 2024 22:09:33.469094038 CET	51962	53	192.168.2.4	1.1.1.1
Nov 21, 2024 22:09:33.469265938 CET	52496	53	192.168.2.4	1.1.1.1
Nov 21, 2024 22:09:33.469563961 CET	50298	53	192.168.2.4	1.1.1.1
Nov 21, 2024 22:09:33.469681025 CET	52370	53	192.168.2.4	1.1.1.1
Nov 21, 2024 22:09:33.558383942 CET	58746	53	192.168.2.4	1.1.1.1
Nov 21, 2024 22:09:33.558803082 CET	61781	53	192.168.2.4	1.1.1.1
Nov 21, 2024 22:09:33.606276035 CET	53	50298	1.1.1.1	192.168.2.4
Nov 21, 2024 22:09:33.606456995 CET	53	51962	1.1.1.1	192.168.2.4
Nov 21, 2024 22:09:33.607681036 CET	53	52370	1.1.1.1	192.168.2.4
Nov 21, 2024 22:09:33.608988047 CET	53	52496	1.1.1.1	192.168.2.4
Nov 21, 2024 22:09:33.695914984 CET	53	58746	1.1.1.1	192.168.2.4
Nov 21, 2024 22:09:33.696255922 CET	53	61781	1.1.1.1	192.168.2.4
Nov 21, 2024 22:09:34.713958025 CET	54297	53	192.168.2.4	1.1.1.1
Nov 21, 2024 22:09:34.714394093 CET	63540	53	192.168.2.4	1.1.1.1
Nov 21, 2024 22:09:34.721226931 CET	55420	53	192.168.2.4	1.1.1.1
Nov 21, 2024 22:09:34.721390009 CET	55159	53	192.168.2.4	1.1.1.1
Nov 21, 2024 22:09:34.852613926 CET	53	63540	1.1.1.1	192.168.2.4
Nov 21, 2024 22:09:34.852626085 CET	53	54297	1.1.1.1	192.168.2.4
Nov 21, 2024 22:09:34.853478909 CET	65152	53	192.168.2.4	1.1.1.1
Nov 21, 2024 22:09:34.853831053 CET	49394	53	192.168.2.4	1.1.1.1
Nov 21, 2024 22:09:34.992750883 CET	53	49394	1.1.1.1	192.168.2.4
Nov 21, 2024 22:09:34.993594885 CET	59665	53	192.168.2.4	1.1.1.1
Nov 21, 2024 22:09:34.993768930 CET	57448	53	192.168.2.4	1.1.1.1
Nov 21, 2024 22:09:35.131757021 CET	53	57448	1.1.1.1	192.168.2.4
Nov 21, 2024 22:09:35.334129095 CET	57781	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:35.336110115 CET	60762	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:35.638144970 CET	57781	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:35.638219118 CET	60762	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:36.246036053 CET	57781	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:36.246104956 CET	60762	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:36.465684891 CET	443	57781	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:36.465807915 CET	443	57781	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:36.466283083 CET	443	57781	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:36.466371059 CET	443	57781	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:36.467410088 CET	443	60762	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:36.467519999 CET	443	60762	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:36.467824936 CET	443	60762	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:36.467906952 CET	443	60762	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:36.470840931 CET	60762	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:36.471393108 CET	60762	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:36.473757029 CET	57781	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:36.474416971 CET	60762	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:36.475084066 CET	57781	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:36.485668898 CET	60762	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:36.485764027 CET	57781	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:36.569165945 CET	443	60762	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:36.569860935 CET	443	57781	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:36.798557997 CET	443	57781	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:36.798645973 CET	443	57781	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:36.798657894 CET	443	57781	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:36.798667908 CET	443	57781	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:36.798897028 CET	57781	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:36.798974991 CET	57781	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:36.801305056 CET	443	60762	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:36.801404953 CET	443	60762	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:36.801413059 CET	443	60762	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:36.801431894 CET	443	60762	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:36.801600933 CET	60762	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:36.801685095 CET	60762	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:36.810817003 CET	443	57781	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:36.811867952 CET	443	60762	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:36.812398911 CET	443	57781	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:36.812742949 CET	443	57781	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:36.813088894 CET	57781	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:37.338150024 CET	60762	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:37.347832918 CET	60762	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:37.377073050 CET	443	60762	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:37.377744913 CET	443	57781	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:37.407385111 CET	60762	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:37.407430887 CET	57781	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:37.457365990 CET	57781	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:37.457921028 CET	57781	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:37.501750946 CET	57781	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:37.501972914 CET	57781	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:37.662858009 CET	443	60762	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:37.665999889 CET	443	60762	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:37.672986031 CET	443	60762	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:37.678767920 CET	443	60762	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:37.681641102 CET	60762	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:37.782707930 CET	443	57781	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:37.783970118 CET	443	57781	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:37.784501076 CET	443	57781	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:37.823731899 CET	57781	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:37.827328920 CET	443	57781	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:37.829809904 CET	443	57781	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:37.830854893 CET	443	57781	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:37.832165956 CET	57781	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:39.429193974 CET	57781	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:39.429601908 CET	57781	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:39.430794001 CET	60762	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:39.430906057 CET	60762	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:39.754786968 CET	443	57781	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:39.755352974 CET	443	60762	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:39.756020069 CET	443	57781	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:39.756438017 CET	443	57781	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:39.756638050 CET	57781	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:39.757205009 CET	443	60762	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:39.758027077 CET	443	60762	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:39.758836985 CET	60762	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:39.946691990 CET	57781	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:39.946907997 CET	57781	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:39.973819971 CET	57781	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:39.973933935 CET	57781	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:40.272826910 CET	443	57781	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:40.275614977 CET	443	57781	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:40.275717020 CET	443	57781	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:40.299001932 CET	443	57781	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:40.302903891 CET	443	57781	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:40.303047895 CET	443	57781	172.64.41.3	192.168.2.4
Nov 21, 2024 22:09:40.314414024 CET	57781	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:40.329801083 CET	57781	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:09:40.330116987 CET	53603	443	192.168.2.4	23.44.203.19
Nov 21, 2024 22:09:40.637801886 CET	53603	443	192.168.2.4	23.44.203.19
Nov 21, 2024 22:09:41.248485088 CET	53603	443	192.168.2.4	23.44.203.19
Nov 21, 2024 22:09:41.460004091 CET	443	53603	23.44.203.19	192.168.2.4
Nov 21, 2024 22:09:41.460848093 CET	443	53603	23.44.203.19	192.168.2.4
Nov 21, 2024 22:09:41.460874081 CET	443	53603	23.44.203.19	192.168.2.4
Nov 21, 2024 22:09:41.460894108 CET	443	53603	23.44.203.19	192.168.2.4
Nov 21, 2024 22:09:41.460908890 CET	443	53603	23.44.203.19	192.168.2.4
Nov 21, 2024 22:09:41.461287975 CET	53603	443	192.168.2.4	23.44.203.19
Nov 21, 2024 22:09:41.463088989 CET	53603	443	192.168.2.4	23.44.203.19
Nov 21, 2024 22:09:41.463269949 CET	53603	443	192.168.2.4	23.44.203.19
Nov 21, 2024 22:09:41.573338032 CET	443	53603	23.44.203.19	192.168.2.4
Nov 21, 2024 22:09:41.573704004 CET	53603	443	192.168.2.4	23.44.203.19
Nov 21, 2024 22:09:41.786653996 CET	443	53603	23.44.203.19	192.168.2.4
Nov 21, 2024 22:09:41.786694050 CET	443	53603	23.44.203.19	192.168.2.4
Nov 21, 2024 22:09:41.786724091 CET	443	53603	23.44.203.19	192.168.2.4
Nov 21, 2024 22:09:41.786751986 CET	443	53603	23.44.203.19	192.168.2.4
Nov 21, 2024 22:09:41.786777973 CET	443	53603	23.44.203.19	192.168.2.4
Nov 21, 2024 22:09:41.787215948 CET	53603	443	192.168.2.4	23.44.203.19
Nov 21, 2024 22:09:41.787373066 CET	53603	443	192.168.2.4	23.44.203.19
Nov 21, 2024 22:09:41.811001062 CET	443	53603	23.44.203.19	192.168.2.4
Nov 21, 2024 22:09:41.824635983 CET	53603	443	192.168.2.4	23.44.203.19
Nov 21, 2024 22:09:41.896892071 CET	443	53603	23.44.203.19	192.168.2.4
Nov 21, 2024 22:10:01.785952091 CET	443	53603	23.44.203.19	192.168.2.4
Nov 21, 2024 22:10:01.823404074 CET	53603	443	192.168.2.4	23.44.203.19
Nov 21, 2024 22:10:03.185020924 CET	443	53603	23.44.203.19	192.168.2.4
Nov 21, 2024 22:10:03.229145050 CET	53603	443	192.168.2.4	23.44.203.19
Nov 21, 2024 22:10:11.784892082 CET	443	53603	23.44.203.19	192.168.2.4
Nov 21, 2024 22:10:33.090063095 CET	61216	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:10:33.090231895 CET	61216	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:10:33.090431929 CET	61216	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:10:33.090534925 CET	61216	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:10:34.104238033 CET	61216	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:10:34.104290009 CET	61216	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:10:34.104739904 CET	61216	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:10:34.104779005 CET	61216	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:10:34.231858015 CET	443	61216	172.64.41.3	192.168.2.4
Nov 21, 2024 22:10:34.232506037 CET	61216	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:10:34.245600939 CET	61216	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:10:34.245703936 CET	61216	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:10:34.474205017 CET	443	61216	172.64.41.3	192.168.2.4
Nov 21, 2024 22:10:34.474242926 CET	443	61216	172.64.41.3	192.168.2.4
Nov 21, 2024 22:10:34.474271059 CET	443	61216	172.64.41.3	192.168.2.4
Nov 21, 2024 22:10:34.474298000 CET	443	61216	172.64.41.3	192.168.2.4
Nov 21, 2024 22:10:34.474324942 CET	443	61216	172.64.41.3	192.168.2.4
Nov 21, 2024 22:10:34.474351883 CET	443	61216	172.64.41.3	192.168.2.4
Nov 21, 2024 22:10:34.474735975 CET	61216	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:10:34.474827051 CET	61216	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:10:34.474874973 CET	61216	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:10:34.479008913 CET	61216	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:10:34.562681913 CET	443	61216	172.64.41.3	192.168.2.4
Nov 21, 2024 22:10:34.583878040 CET	443	61216	172.64.41.3	192.168.2.4
Nov 21, 2024 22:10:34.588398933 CET	61216	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:10:34.593858004 CET	443	61216	172.64.41.3	192.168.2.4
Nov 21, 2024 22:10:34.593890905 CET	443	61216	172.64.41.3	192.168.2.4
Nov 21, 2024 22:10:34.594372988 CET	61216	443	192.168.2.4	172.64.41.3
Nov 21, 2024 22:10:34.798177958 CET	443	61216	172.64.41.3	192.168.2.4
Nov 21, 2024 22:10:34.805290937 CET	443	61216	172.64.41.3	192.168.2.4
Nov 21, 2024 22:10:34.838536024 CET	61216	443	192.168.2.4	172.64.41.3

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:09:22 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=HAfoF53L47c7EP+&MD=v3okLSN6 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-21 21:09:22 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: f4b6bf99-52ab-4002-9d29-dbb1bf172ae1 MS-RequestId: d654a47e-d288-4050-9a95-910ab7f550b1 MS-CV: kSXrY3kFbEeCjXrB.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 21 Nov 2024 21:09:21 GMT Connection: close Content-Length: 24490
2024-11-21 21:09:22 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-21 21:09:22 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:09:29 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-21 21:09:30 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF57) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=156917 Date: Thu, 21 Nov 2024 21:09:29 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:09:31 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-21 21:09:32 UTC	535	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=156970 Date: Thu, 21 Nov 2024 21:09:32 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-21 21:09:32 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:09:32 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-11-21 21:09:32 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-21 21:09:32 UTC	568	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Thu, 21 Nov 2024 21:08:32 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C533_BL2 x-ms-request-id: 01866651-986b-4d3a-958a-8578d5fdad76 PPServer: PPV: 30 H: BL02EPF0001D823 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Thu, 21 Nov 2024 21:09:31 GMT Connection: close Content-Length: 1276
2024-11-21 21:09:32 UTC	1276	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:09:34 UTC	594	OUT	GET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1 Host: clients2.googleusercontent.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 21:09:35 UTC	566	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 138356 X-GUploader-UploadID: AFiumC58AP8cgy8QCSMfjlA1phiguxydtiLgrGzyfe-eWYeYAybEI-ZVJvb7JRg57XNhsGcHgCo X-Goog-Hash: crc32c=ld9IFg== Server: UploadServer Date: Thu, 21 Nov 2024 16:45:00 GMT Expires: Fri, 21 Nov 2025 16:45:00 GMT Cache-Control: public, max-age=31536000 Age: 15874 Last-Modified: Tue, 19 Nov 2024 16:44:49 GMT ETag: 2373c8b9_cba0b209_e851cacf_d4df989e_81c52a41 Content-Type: application/x-chrome-extension Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-21 21:09:35 UTC	824	IN	Data Raw: 43 72 32 34 03 00 00 00 e0 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08 Data Ascii: Cr240"0H0^1"wgt2JG1)X4=&?[j,Lzjue[IqBa/XPhL2%3_oH)'=e?j3UH\|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
2024-11-21 21:09:35 UTC	1390	IN	Data Raw: 3a 5f 86 5f 7f f9 35 7d d5 75 53 5c 9b ff 18 eb af ff 78 3f ab fa d7 9f 7e 5d cf 1f 43 2d ff b3 ba 0c 53 3d 4c bf fe f2 f7 5f 63 f1 50 97 42 ea cf d7 8f b0 2d 4d db 10 dc 36 32 b3 69 2a b3 51 d5 e3 f8 c4 ad eb 39 ef e7 ef dc 9c de 2b 53 3d 89 f4 f8 84 0e 2f 36 3a df cf c2 57 83 c8 90 71 6c 2f 67 fd f9 26 6a a9 79 fc f9 7b af ae 22 8b ce b1 9a fe 7c 1c dc 46 fa 1f e7 f8 7c 9c a3 f6 e3 56 f9 f6 f0 f3 99 aa 77 be 25 74 2e 79 86 2e 3f df 17 26 e2 e2 61 cc 9c 7f 3c d2 6e c2 88 c1 89 f6 53 2b 7c d4 17 3d 05 72 61 c7 0a 84 08 01 b1 27 7d f8 28 82 70 57 fb c2 16 8f d0 39 05 d7 73 e5 43 a3 d8 1f 9f 8e ca b9 96 26 6a 4a 9f 2d 27 13 f6 27 13 a8 ca 42 8d 30 f5 75 3f 2e a5 b9 3b 9f f6 e1 a3 34 9d 7f cf f3 e7 d9 c2 b9 f0 d4 c0 ac e6 90 42 86 4e 5c 7c a7 3d 83 9c c3 33 Data Ascii: :__5}uS\x?~]C-S=L_cPB-M62i*Q9+S=/6:Wql/g&jy{"\|F\|Vw%t.y.?&a<nS+\|=ra'}(pW9sC&jJ-''B0u?.;4BN\\|=3
2024-11-21 21:09:35 UTC	1390	IN	Data Raw: 60 65 eb 98 45 ab ec b5 f7 df 38 3e ce 17 36 8b 4c d7 7b 85 4d 64 18 16 65 b0 90 1e f2 cb 03 4c 8a 00 e1 48 79 96 ec 9b 3d f6 a0 d6 80 10 57 0f 10 60 43 7e af 8e 3f 1c b7 7a ee 1d 59 c2 29 1a 94 12 c6 ec 9e 28 ba 47 74 ea a9 92 fb f2 20 bd f4 20 c3 8a 8a 04 03 ec 56 83 d6 68 aa f5 88 d1 39 0a d6 d7 be fa 7f 68 70 d5 e2 31 37 1a 25 03 f1 55 98 2a 4b bd 68 22 81 eb 25 ad 18 84 19 e6 b8 d7 a1 60 b9 67 e1 89 9c f6 e2 ad 52 d0 c5 a6 dc ad e7 9e dc ca 7f d2 3e 77 87 7d e1 a1 a5 e9 a4 17 9a 04 c0 1e 05 42 14 c6 78 22 8b d6 00 1f f3 28 78 31 13 f3 7e 67 01 4e 72 8a 0f 75 ff 71 5f e5 6f 6d cd bd d1 43 0a 76 99 35 be 4a e5 2d 31 6c 3a 02 10 c5 56 13 ea 1e 23 15 1d 58 74 af 43 75 3d f0 13 03 bc 22 a2 fc ca 82 66 b9 ee fd 2e c5 46 f6 b8 53 d7 bc 55 5e 3d b8 46 34 c8 Data Ascii: `eE8>6L{MdeLHy=W`C~?zY)(Gt Vh9hp17%U*Kh"%`gR>w}Bx"(x1~gNruq_omCv5J-1l:V#XtCu="f.FSU^=F4
2024-11-21 21:09:35 UTC	1390	IN	Data Raw: 7d dd cf 6f 71 6a 3c aa 40 7e 15 06 ce 18 81 87 14 8e b0 58 44 27 7a dd 77 ac b1 b7 dc 66 ab cf 89 e9 ce a6 3c ec 05 3f 02 02 d8 27 ea 46 4f 70 bb e1 2d 44 84 4e 09 f6 ed 1b e9 1b c5 3d 68 a6 0c d9 75 0f 3f b1 8e cd 35 f6 95 bf 91 bd 1a 69 d1 42 51 b5 ee b9 e2 ce 89 50 6c 26 16 de 89 5e bc e6 c4 fd 26 da f5 e3 ce 69 10 77 1e cc c8 01 e9 9e 41 6a 55 a0 38 bc ac b1 bf 6b be 7b ba 51 77 aa c0 9b 05 fc b0 44 37 6a e6 e1 c0 0e 78 4a 7b 14 13 4f eb 10 ed ee 3f fb 8d c4 1f af b9 25 7e f2 af cb 87 f0 11 f9 c7 c7 ff c1 df c8 80 4b b7 c6 3f 03 ce 51 66 ae c1 bd e9 35 31 9c a0 54 88 27 0b eb 52 98 2c 14 76 36 e7 d3 53 74 70 f3 94 48 50 51 74 c1 6a 6c c5 02 57 75 bf ea 37 d6 5c 85 75 ff 1a de 92 f6 c3 8e 3c db 2b f4 fc 0a bf 49 4b a8 ce 14 7e 00 ce c6 ac 26 ca 94 9e Data Ascii: }oqj<@~XD'zwf<?'FOp-DN=hu?5iBQPl&^&iwAjU8k{QwD7jxJ{O?%~K?Qf51T'R,v6StpHPQtjlWu7\u<+IK~&
2024-11-21 21:09:35 UTC	1390	IN	Data Raw: ae e7 0e 9d 1f 06 63 15 24 ff cb b8 61 7b a2 4e 58 74 c0 4c 09 86 ba 97 48 e8 03 c4 a9 0f ee 35 65 bd 60 e1 21 a1 18 44 a6 bd 68 e1 33 23 9a dc 91 a1 d2 1c 38 bf d3 98 ca 64 0f d9 ab 56 8f 6d 95 56 f8 a5 e3 ec 3d ef d5 2d b3 5c 3d e6 ff 3a fe 0d 19 c0 60 d4 b8 23 8f b9 88 da a3 ee df 88 f6 ec a7 9c 21 9f 2e 21 cc 81 f2 75 fd ed 12 f6 f3 fe 52 6a 9f db f0 a2 fb e9 a7 81 d4 f7 eb f5 58 53 9e 25 3f f7 32 7e 98 ff 3b 96 ae c7 fe 9f e7 2d df ff f0 9c e5 bf be 3b 4a 9f 4d 99 a9 ba 7f 9d 95 6c 74 8c da b7 42 c7 85 e0 d3 bd e4 8e ca 4d fb 56 f6 ea 5a f6 b6 f6 9f f3 77 e9 37 5f 85 df 9d ff fb bb 96 8e e7 01 8d 3f b9 f3 73 16 f3 d4 7e 18 a7 d6 fb f9 ff 5d c7 97 a1 e3 ee bb 84 8e a9 59 2c 05 d7 fa d6 5e e6 f7 e4 df 87 46 8b e9 f6 55 5f 7f fd e5 af 7f ff d5 d4 85 ac Data Ascii: c$a{NXtLH5e`!Dh3#8dVmV=-\=:`#!.!uRjXS%?2~;-;JMltBMVZw7_?s~]Y,^FU_
2024-11-21 21:09:35 UTC	1390	IN	Data Raw: c2 43 a0 f0 9c cf 84 2c dc 6f 77 dd ff 5e 04 27 23 01 db 3b d0 22 fa fd ca c2 00 94 91 17 e4 5e bb e4 28 b3 f2 09 87 4b 75 14 8e e0 c2 6f 3a 13 0a 28 96 4a ee 0a 6a 2c 09 f3 2c c2 e9 23 6a 8c ec 09 a0 e8 96 87 84 d2 68 a5 cd ca f5 ec 0a 46 60 f9 be 7b e8 5e a6 f5 2e a5 46 6e c8 a6 db bc 01 50 4b 07 08 1d fb 12 3a a0 00 00 00 23 01 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 72 6f 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 ca 36 2a 67 0a 00 20 00 00 00 00 00 01 00 18 00 00 41 64 ae 95 2f db 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8d 52 c1 4e 1c 31 0c bd f3 15 d6 9c 8a 34 a0 65 7b 82 1b 82 55 4f 85 aa 2d 97 aa 17 6f c6 b3 58 ca 38 51 e2 00 5a c4 bf e3 99 Data Ascii: C,ow^'#;"^(Kuo:(Jj,,#jhF`{^.FnPK:#PK!-_locales/ro/messages.jsonUT6*g Ad/RN14e{UO-oX8QZ
2024-11-21 21:09:35 UTC	1390	IN	Data Raw: 0f 6e 3d 2c 91 9f b7 f2 c2 8f 9e 81 ed 64 91 89 5f c8 93 db ec d7 38 3e f4 ec 97 19 5a 11 ad f3 b8 82 28 3a 6c b3 ee 24 e1 50 fb 79 09 cf f1 ad 57 e9 76 70 aa 85 35 32 aa 0a 0f 41 0d 1c 63 cf 15 51 0d 8c 44 97 9c 43 b8 94 04 8f 60 5f 09 e2 4b c0 6e a2 3a 29 12 e1 86 4f 49 97 b9 92 11 e2 5a d6 16 fc 60 20 03 a5 d7 f5 68 06 5f 65 93 9a dd ad 65 97 51 8b ac 05 b4 69 a5 64 30 17 f8 1c 4a 1d 10 6c a0 02 36 20 1b 29 c2 cd 6a e6 f5 e9 55 66 60 81 a8 0e 0c 0c 22 4a e0 41 05 8c 7f 9c 57 46 cf 54 ff 32 7c 7d 9b 6e 4b 1e be a1 2b 8b 2c ea 96 fa 5c 18 5d 04 b1 51 7c 89 a2 45 6d 3a 0b 61 c3 6f a2 78 04 e6 19 c0 10 c1 b2 2f e8 63 ec 0d 6c f9 20 a0 26 d6 8b ea b0 75 64 be 5d fd c4 70 d9 3b b5 ed d4 f1 bc 8d 4d 4a b4 8e 05 bc 1a 18 57 05 34 4d 40 13 b4 28 e5 ea ff 64 31 Data Ascii: n=,d_8>Z(:l$PyWvp52AcQDC`_Kn:)OIZ` h_eeQid0Jl6 )jUf`"JAWFT2\|}nK+,\]Q\|Em:aox/cl &ud]p;MJW4M@(d1
2024-11-21 21:09:35 UTC	1390	IN	Data Raw: 80 ac 82 c5 04 63 89 63 38 bd 2a 36 1c e9 9a 44 2a 3c 4e 2d ee 92 46 8e 50 dc e3 94 bb f5 61 c2 1d cf 5c 48 24 42 49 6c 12 12 d7 49 d9 ae b5 78 32 3e ee bd 6d 14 36 10 04 42 78 75 49 e8 56 12 9a c0 f8 4e 5b 9e a8 18 48 07 60 fa c4 f3 b8 1c e9 66 42 8d 56 0a 4d 3a 20 57 32 60 3d 87 5b 12 2d 22 e5 44 56 25 e1 21 a6 58 0d e8 46 f5 04 83 06 0e 87 28 fb a4 f0 19 18 b8 02 88 01 7c 80 61 ef 0c 9c e0 24 d3 07 48 c9 09 3f e2 9c 5e e9 89 97 4b 26 3f f6 66 0d 22 cf 03 86 52 31 81 e4 3a 97 fa 54 dc fb b0 49 d9 ef a1 7d 1a 46 e5 77 f4 02 a7 fd a6 7b 35 4f fa 61 2c 0d 6e 07 7a 72 4d 94 18 5d f3 fe 4e 2c 30 9b 6d f6 54 60 d0 58 d4 81 d8 05 43 89 9b 2d 91 75 b1 84 72 e5 82 16 5a a8 d1 8f 71 28 22 a2 ed 69 03 7e 0f 3a 87 3c 26 69 4c 4d 0a 36 d7 c7 a7 16 96 fa 98 fd 47 dc Data Ascii: cc86D<N-FPa\H$BIlIx2>m6BxuIVN[H`fBVM: W2`=[-"DV%!XF(\|a$H?^K&?f"R1:TI}Fw{5Oa,nzrM]N,0mT`XC-urZq("i~:<&iLM6G
2024-11-21 21:09:35 UTC	1390	IN	Data Raw: 92 6f 30 19 61 42 16 3c c5 8e d8 b3 84 2e 10 d8 71 39 f8 5c 22 7b 60 27 ee 3a 3f 1a 26 6a f5 a8 f2 1f 13 ad 85 fc dd 51 24 58 d5 3c 25 19 9d fa 2b 81 d6 c7 4d 37 fd 9a e2 f2 53 ad 5f c1 c9 b9 41 f8 0f 77 84 84 39 d5 5c 7f 74 b0 dd bb 43 ac e6 be ce d5 bf df bb 77 82 1b a6 ff 9c 05 67 3a 77 fe 7a f2 5d 9a 09 4d 66 b5 8d f8 e6 d8 2d cb 4e 6d ee a3 82 48 7b c6 a8 5d b2 e8 52 97 3d e5 a5 b8 ef 36 ad cf 46 de f8 e7 8e 98 46 5f 0f 08 b5 d5 be 41 c5 77 eb e3 54 28 7a 31 07 87 c9 e3 1b f0 13 22 9f 73 e2 40 ce 5e e0 09 2d 54 01 dc 63 06 df 9b 0e c1 43 bf 5c bc 02 50 4b 07 08 c0 47 8a 9f 88 01 00 00 46 03 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 6b 6d 2f 6d 65 73 73 61 67 65 73 2e 6a Data Ascii: o0aB<.q9\"{`':?&jQ$X<%+M7S_Aw9\tCwg:wz]Mf-NmH{]R=6FF_AwT(z1"s@^-TcC\PKGFPK!-_locales/km/messages.j
2024-11-21 21:09:35 UTC	1390	IN	Data Raw: 46 69 27 57 e6 ee 9e df fa e6 7c 6c 22 ff dc fc cd 83 bf 84 75 53 df fb 95 fb e0 a6 5b e2 f7 c1 5f 87 cb 78 0d a9 ac a4 0c 68 8e 44 f1 68 52 0e 42 cf 48 31 70 61 e4 4c d1 69 c5 a7 46 2f 04 a6 71 7a 9a be 86 7e 9a df 4a 91 d1 b6 e2 f0 34 96 a4 11 21 a4 4d e9 67 b4 5d b3 aa 52 cd 51 3d 41 bb 66 f2 ab fd 2b c2 fc 18 cf 78 47 7c 50 e9 5f 0e f0 9b c4 43 6a 2a f2 42 35 42 84 04 d7 70 02 ab 0d b5 b1 89 32 98 e2 55 e6 4f d6 3f 1c 81 d7 4f df 01 50 4b 07 08 80 81 20 9b 32 02 00 00 f3 0a 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 73 6b 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 ca 36 2a 67 0a 00 20 00 00 00 00 00 01 00 18 00 00 41 64 ae 95 2f db 01 00 00 00 00 00 00 00 00 Data Ascii: Fi'W\|l"uS[_xhDhRBH1paLiF/qz~J4!Mg]RQ=Af+xG\|P_CjB5Bp2UO?OPK 2PK!-_locales/sk/messages.jsonUT6g Ad/

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:09:34 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-21 21:09:34 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-21 21:09:35 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Thu, 21 Nov 2024 21:09:35 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8e63a95e6aa65e5f-EWR alt-svc: h3=":443"; ma=86400
2024-11-21 21:09:35 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 de 00 04 8e fa 41 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomA)

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:09:35 UTC	446	OUT	POST /ppsecure/deviceaddcredential.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 7642 Host: login.live.com
2024-11-21 21:09:35 UTC	7642	OUT	Data Raw: 3c 44 65 76 69 63 65 41 64 64 52 65 71 75 65 73 74 3e 3c 43 6c 69 65 6e 74 49 6e 66 6f 20 6e 61 6d 65 3d 22 49 44 43 52 4c 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3e 3c 42 69 6e 61 72 79 56 65 72 73 69 6f 6e 3e 32 34 3c 2f 42 69 6e 61 72 79 56 65 72 73 69 6f 6e 3e 3c 2f 43 6c 69 65 6e 74 49 6e 66 6f 3e 3c 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 3e 3c 4d 65 6d 62 65 72 6e 61 6d 65 3e 30 32 6a 63 61 63 72 61 74 70 67 7a 63 67 68 67 3c 2f 4d 65 6d 62 65 72 6e 61 6d 65 3e 3c 50 61 73 73 77 6f 72 64 3e 47 4d 7a 2a 72 28 63 68 44 62 48 4f 52 6e 69 62 71 6c 4b 48 3c 2f 50 61 73 73 77 6f 72 64 3e 3c 2f 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 3e 3c 4f 6c 64 4d 65 6d 62 65 72 6e 61 6d 65 3e 30 32 61 6b 71 72 6c 66 67 75 6b 69 6a 65 76 6c 3c 2f 4f 6c 64 4d Data Ascii: <DeviceAddRequest><ClientInfo name="IDCRL" version="1.0"><BinaryVersion>24</BinaryVersion></ClientInfo><Authentication><Membername>02jcacratpgzcghg</Membername><Password>GMz*r(chDbHORnibqlKH</Password></Authentication><OldMembername>02akqrlfgukijevl</OldM
2024-11-21 21:09:45 UTC	542	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/xml Expires: Thu, 21 Nov 2024 21:08:35 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C528_BL2 x-ms-request-id: 9ac3cdbb-af4d-4130-8049-ef7f998a1c14 PPServer: PPV: 30 H: BL02EPF0001DA52 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Thu, 21 Nov 2024 21:09:44 GMT Connection: close Content-Length: 17166
2024-11-21 21:09:45 UTC	15842	IN	Data Raw: 3c 44 65 76 69 63 65 41 64 64 52 65 73 70 6f 6e 73 65 20 53 75 63 63 65 73 73 3d 22 74 72 75 65 22 3e 3c 73 75 63 63 65 73 73 3e 74 72 75 65 3c 2f 73 75 63 63 65 73 73 3e 3c 70 75 69 64 3e 30 30 31 38 30 30 31 31 37 32 36 38 33 36 36 38 3c 2f 70 75 69 64 3e 3c 44 65 76 69 63 65 54 70 6d 4b 65 79 53 74 61 74 65 3e 33 3c 2f 44 65 76 69 63 65 54 70 6d 4b 65 79 53 74 61 74 65 3e 3c 4c 69 63 65 6e 73 65 20 43 6f 6e 74 65 6e 74 49 44 3d 22 33 32 35 32 62 32 30 63 2d 64 34 32 35 2d 34 37 31 31 2d 38 63 63 35 2d 62 32 66 35 33 63 38 33 30 62 37 36 22 20 49 44 3d 22 36 66 36 35 64 62 62 39 2d 34 32 39 33 2d 34 39 37 65 2d 39 34 39 31 2d 35 38 34 65 65 62 33 37 39 65 62 36 22 20 4c 69 63 65 6e 73 65 49 44 3d 22 33 32 35 32 62 32 30 63 2d 64 34 32 35 2d 34 37 31 31 Data Ascii: <DeviceAddResponse Success="true"><success>true</success><puid>0018001172683668</puid><DeviceTpmKeyState>3</DeviceTpmKeyState><License ContentID="3252b20c-d425-4711-8cc5-b2f53c830b76" ID="6f65dbb9-4293-497e-9491-584eeb379eb6" LicenseID="3252b20c-d425-4711
2024-11-21 21:09:45 UTC	1324	IN	Data Raw: 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 39 2f 78 6d 6c 64 73 69 67 23 65 6e 76 65 6c 6f 70 65 64 2d 73 69 67 6e 61 74 75 72 65 22 2f 3e 3c 2f 54 72 61 6e 73 66 6f 72 6d 73 3e 3c 44 69 67 65 73 74 4d 65 74 68 6f 64 20 41 6c 67 6f 72 69 74 68 6d 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 30 34 2f 78 6d 6c 65 6e 63 23 73 68 61 32 35 36 22 2f 3e 3c 44 69 67 65 73 74 56 61 6c 75 65 3e 67 74 71 77 70 52 35 66 47 44 61 6f 48 73 4d 37 49 57 47 4b 5a 67 61 77 58 61 30 42 50 69 47 61 65 35 62 49 75 6e 2f 52 51 4a 41 3d 3c 2f 44 69 67 65 73 74 56 61 6c 75 65 3e 3c 2f 52 65 66 65 72 65 6e 63 65 3e 3c 2f 53 69 67 6e 65 64 49 6e 66 6f 3e 3c 53 69 67 6e 61 74 75 72 65 56 61 6c 75 65 3e 41 46 38 6f 46 52 2b 47 66 Data Ascii: tp://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>gtqwpR5fGDaoHsM7IWGKZgawXa0BPiGae5bIun/RQJA=</DigestValue></Reference></SignedInfo><SignatureValue>AF8oFR+Gf

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:09:38 UTC	486	OUT	GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: ArbitrationService Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 21:09:38 UTC	532	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 21:09:38 GMT Content-Type: application/octet-stream Content-Length: 11989 Connection: close Last-Modified: Mon, 18 Nov 2024 20:19:33 GMT ETag: 0x8DD080E5097FBFA x-ms-request-id: f2abf3b7-301e-004d-6659-3caee5000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241121T210938Z-r1d97b99577ckpmjhC1TEBrzs00000000az000000000b04r Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-21 21:09:38 UTC	11989	IN	Data Raw: 7b 0d 0a 20 20 22 63 6f 6e 66 69 67 56 65 72 73 69 6f 6e 22 3a 20 33 32 2c 0d 0a 20 20 22 50 72 69 76 69 6c 65 67 65 64 45 78 70 65 72 69 65 6e 63 65 73 22 3a 20 5b 0d 0a 20 20 20 20 22 53 68 6f 72 65 6c 69 6e 65 50 72 69 76 69 6c 65 67 65 64 45 78 70 65 72 69 65 6e 63 65 49 44 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 43 4f 55 50 4f 4e 53 5f 43 48 45 43 4b 4f 55 54 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 4c 4f 57 45 52 5f 50 52 49 43 45 5f 46 4f 55 4e 44 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 42 49 4e 47 5f 53 45 41 52 43 48 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 52 45 42 41 54 45 Data Ascii: { "configVersion": 32, "PrivilegedExperiences": [ "ShorelinePrivilegedExperienceID", "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT", "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND", "SHOPPING_AUTO_SHOW_BING_SEARCH", "SHOPPING_AUTO_SHOW_REBATE

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:09:38 UTC	470	OUT	GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: Shoreline Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 21:09:38 UTC	584	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 21:09:38 GMT Content-Type: application/octet-stream Content-Length: 306698 Connection: close Content-Encoding: gzip Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT ETag: 0x8DBC9B5C40EBFF4 x-ms-request-id: 5ce19410-001e-000a-3659-3c718e000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241121T210938Z-15b8b599d88wn9hhhC1TEBry0g00000000fg0000000060um Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-21 21:09:38 UTC	15800	IN	Data Raw: 1f 8b 08 08 cf 88 25 65 02 ff 61 73 73 65 74 00 ec 7d 69 93 db 46 92 e8 5f a9 f0 97 fd e0 96 05 10 00 09 4c c4 8b 17 2d f9 92 6d f9 92 6d 8d fd 66 43 51 00 0a 24 9a 20 40 e1 60 ab 7b 76 fe fb ab cc 2c 10 09 82 07 c8 a6 bc 9e 8d 0d 5b 68 b0 8e bc eb 44 55 e6 3f 3f 59 c9 3c 4d 54 55 bf db a8 b2 4a 8b fc 93 bf 89 4f dc cf ac cf ac 4f 6e c4 27 8b 26 7c 27 d7 eb 4a 27 fe bf 7f 7e 92 c6 90 19 c5 ee d4 f7 65 f0 4c f9 be ff cc f5 95 7c 26 63 df 7e 36 9b da 81 13 7b d3 d0 0e 15 d4 cd e5 4a 41 f9 77 ef 5e bf f9 ea 1d fc 7a f7 0e d2 19 1e fb 33 fd df 0c 12 63 55 45 65 ba ae 4d 06 d5 61 89 54 75 a9 1e 20 f7 f5 ab 57 2f 5e dd dd 7e ff 62 be 7c bf 58 a6 5f 05 f7 d6 8b db 9f be f8 f2 f6 f6 87 97 b7 3f f9 b7 90 ff 72 fe ad 7e ff e2 76 9d 58 77 ee 57 8b 1f de ff 14 f9 fe Data Ascii: %easset}iF_L-mmfCQ$ @`{v,[hDU??Y<MTUJOOn'&\|'J'~eL\|&c~6{JAw^z3cUEeMaTu W/^~b\|X_?r~vXwW
2024-11-21 21:09:38 UTC	16384	IN	Data Raw: a5 38 7d a8 02 c7 0a 04 ba b8 75 26 ce 55 c2 08 bf 5c 90 e7 68 0d 8c 7c 07 bb 14 ee 07 cf ac 5b ca 81 54 5b 25 f6 36 51 93 15 e8 c2 2b 22 50 fc 52 36 6d 55 35 59 19 67 e4 56 be d8 2d df fd 8c 1c b1 48 e9 85 d8 d5 6f a1 88 16 05 b8 ea d5 42 20 2f c6 fa c5 ab 21 ae b4 7e 71 4c 7c 69 3b da be 2c c4 3c 45 31 58 f6 5a d0 75 29 2d 10 91 2f b6 81 a8 f1 77 27 4d cb 46 c3 d1 f2 cb e7 17 7d 3c d0 6a 30 b1 ed 19 11 24 85 30 ed b3 77 98 0a a3 d3 4d 8a a4 58 a6 1a 92 6f 39 a0 66 5b a9 58 c4 f8 d7 db 13 a4 38 9f 53 18 72 e3 d6 58 c9 9c 2a 85 f1 21 3d 9d 12 35 51 d6 f4 74 9e 6e f9 3a 6f 4c fc e5 2c 53 f9 7a 94 a9 7c 50 ab 8e d8 56 01 86 95 11 92 ce 4d 82 a9 12 26 c6 7f 9c 55 b4 0d eb a8 c4 4f 75 f1 df 12 7e 7b 85 2d 18 bd 99 6f 4d 95 18 8d 35 7f b9 51 da bc b3 17 f2 61 Data Ascii: 8}u&U\h\|[T[%6Q+"PR6mU5YgV-HoB /!~qL\|i;,<E1XZu)-/w'MF}<j0$0wMXo9f[X8SrX*!=5Qtn:oL,Sz\|PVM&UOu~{-oM5Qa
2024-11-21 21:09:38 UTC	16384	IN	Data Raw: 56 c6 75 11 82 12 e0 b7 2c 9c d4 28 cd 82 09 ad 54 24 d2 ae 26 b9 4f 37 c4 67 1e 9d 6b d1 e4 03 44 91 0f c7 24 3e 9c a5 f8 80 ce e1 c3 bd 55 1f 7c 0d 7d f0 d6 f4 e1 f6 6d f9 6c 42 78 a7 7a 8f cf 80 2a 42 b1 ca af 46 95 01 06 85 53 be 7a 50 c8 12 ce 7e 7c 44 29 29 63 83 14 66 50 e5 69 9e ba 94 a2 14 a9 44 53 56 22 78 06 d0 d3 7d 25 3d 51 7e fc 63 e8 77 69 11 9c 24 cb 92 42 e9 e0 d4 ac cc c6 c2 0a 92 55 72 f4 61 88 91 31 1f 4c 69 b4 9b 0f a5 64 32 91 6a 99 5a 87 05 9b b8 18 4d b6 69 0c 05 60 46 80 c2 34 75 85 d5 88 cf a4 31 10 78 28 99 44 01 7e 6d 51 37 26 3d f1 aa c8 64 77 98 90 c3 4a 88 b9 d5 8c 73 bc 9b 5c 69 65 23 a6 fb 16 9b 26 25 05 ac fc cc 1e 87 56 e3 bd 7f 86 8d d9 de 4d 93 29 aa 7c fe d1 06 5b da c5 90 55 b0 c9 33 35 1b d9 51 ad b2 ea c6 9a c4 a2 Data Ascii: Vu,(T$&O7gkD$>U\|}mlBxz*BFSzP~\|D))cfPiDSV"x}%=Q~cwi$BUra1Lid2jZMi`F4u1x(D~mQ7&=dwJs\ie#&%VM)\|[U35Q
2024-11-21 21:09:38 UTC	16384	IN	Data Raw: 15 3e 36 a4 6a 67 7e 2a 42 7f 7e 14 be 1b ef d2 39 b9 d3 a0 0f a6 db fd c0 cf 6a 73 b5 e6 a0 67 39 bd 50 cf ce e5 f5 33 b4 5b f6 96 18 f6 1d 3d 5b 1c 62 ee 08 9c b4 27 31 5c bf 95 0d 07 a0 cf bc bf ec e9 f3 e3 25 7d d1 cd 7e e8 fe 69 3f 94 32 74 6d 41 40 30 f4 9d 21 ef 18 ab 09 e0 e5 30 bf 56 97 43 99 8d fb 5c b1 3a 15 2a 0c 9d 5f c9 d3 47 70 60 b0 6e 17 9c 16 bc 33 94 8f dc 87 1c 2e 65 5f 80 b0 c7 e2 bb 6a f4 3b c8 60 00 83 b2 83 02 16 e1 3f 69 68 e4 62 45 17 99 ba 9d 9d b7 00 7d 2a 5a 5f 88 af 8b 22 5d 84 79 61 b8 38 c9 2f d4 62 3c 2f ee 0a 38 04 98 69 d8 af 45 cf 43 a8 9b 3e 6e dd 69 b8 01 0b 4d c5 2a d4 d8 5d 7a b1 5f 94 d0 5d 79 e7 c9 87 c6 d5 b9 5d 89 1b 44 f3 5a 14 67 85 e9 1a ef c2 74 b9 63 86 3e c2 71 a7 08 94 eb 44 58 ad 1a 5c 09 02 5c 4d 1b c8 Data Ascii: >6jg~B~9jsg9P3[=[b'1\%}~i?2tmA@0!0VC\:_Gp`n3.e_j;`?ihbE}Z_"]ya8/b</8iEC>niM]z_]y]DZgtc>qDX\\M
2024-11-21 21:09:39 UTC	16384	IN	Data Raw: e5 2e b7 93 a4 b3 90 c2 6b ad 8a 70 f5 34 6b b8 40 3f ab 6c ff 6b b9 2f c1 49 79 7f 7f fe e2 4d 8e 52 97 9f 5c d2 a4 d2 9b 7f 21 19 ca ff db 31 e3 e4 f2 51 b8 7c 74 b3 4c aa e5 59 09 49 a3 cf 51 d6 87 a5 4c 6d 23 e7 30 3b 3e ce a2 ff dd d2 a2 4d 1f 0e 14 fd d7 52 7f fd 1c ea cf 13 55 dc a3 6d 85 4b 4e 63 b4 12 03 65 33 26 36 bd 72 f4 19 04 1a d9 86 f6 84 1c dd 9e ee 21 e8 65 4d aa 2f f0 f8 0a fb d1 85 1e 53 4d 3f 5f a5 fc d4 0d f8 28 79 f7 b1 c1 a5 fc 51 df bc 30 df bf cb 6f cb 2a 09 d7 1f 99 f4 19 6a 7e d9 a5 f8 7e 7b c5 59 31 55 b2 99 9f 7d 02 06 e8 6e c6 98 ec a9 7c 3f 2a 1d 34 e5 bd 0a 8f e7 88 3e 74 c3 0b e7 6b 10 2c 4f 53 5d 7c 86 e2 09 77 99 7d ee 02 3a 9d f3 a7 29 a2 13 79 ee 15 d2 a7 37 fd 67 b6 f7 67 33 72 df b2 23 59 ef 55 5d e5 6f cb 55 7e 43 Data Ascii: .kp4k@?lk/IyMR\!1Q\|tLYIQLm#0;>MRUmKNce3&6r!eM/SM?_(yQ0oj~~{Y1U}n\|?4>tk,OS]\|w}:)y7gg3r#YU]oU~C
2024-11-21 21:09:39 UTC	16384	IN	Data Raw: df 26 b7 09 e8 f5 8c 1d c0 e5 f5 0e 81 86 cd d1 7b 9c 8b 16 07 4d 31 65 8e 49 77 c3 9c 0b 06 79 cd 66 e0 72 84 3b 54 b9 74 ef 35 53 7d 3b 8c b0 a9 fd 1b 50 a9 de 74 45 72 7e 1b f0 2a c4 ee 75 56 a9 f1 4f 0b e2 ef 4c 0e 04 e6 c1 13 43 d1 a3 91 83 19 d3 3d c4 08 0f b5 d5 e1 f0 41 7b 02 cf 94 80 35 8c 5f 5f 02 90 85 fa 86 bb ab e1 02 93 a8 c3 01 b8 10 ce 1a 84 70 ba 2a 74 48 e2 74 7c 83 87 f5 42 38 70 15 c2 ce 65 08 08 86 a0 47 21 98 5b b8 58 62 21 c8 96 0d 6c 09 61 e7 32 c4 b3 5e a1 8d a0 20 7d 39 b0 28 5c c6 6d 21 84 b7 80 4c dc 70 c4 2e c4 f3 19 21 9c 8e d6 1f 96 d8 f4 9d 32 40 37 a4 47 84 1e d1 c7 65 89 5f 63 82 1d d4 5a 86 2d e5 f8 15 59 45 61 ea 67 ab 2d d9 61 85 e3 91 0f 94 e7 67 25 02 3d 4f 28 55 ad 17 c6 a0 29 6a 5d 21 2a cd 7e af 45 5e 0b 01 e5 6c Data Ascii: &{M1eIwyfr;Tt5S};PtEr~uVOLC=A{5__ptHt\|B8peG![Xb!la2^ }9(\m!Lp.!2@7Ge_cZ-YEag-ag%=O(U)j]!*~E^l
2024-11-21 21:09:39 UTC	16384	IN	Data Raw: c0 77 d7 f0 0b 75 ef b4 4f 20 01 c9 6e d7 8b d6 eb 26 ee 09 6d 06 c3 c0 20 42 f6 62 01 a8 b8 2e 41 68 d5 3e af 78 77 09 5e a1 a8 7e 3d bf 65 90 da ff 6d 58 c3 e3 86 29 f6 22 00 98 2a 9c 68 97 65 63 ac 5c ad 09 2b 23 82 8f 3f 2b 34 4c 1f 01 76 0d 06 ed 44 0f a9 a0 b1 63 30 c2 0d f2 ad 15 f9 9d a6 73 4a 64 c6 38 b2 91 d1 0a 38 ec f1 61 a5 51 a1 65 d6 96 da 34 5b b9 be df 70 92 06 98 c1 37 67 b8 7a fd 34 cd 5e 44 c0 aa b0 27 6e 0c f2 e2 f9 5e 7c 0a 17 b4 b4 16 73 66 52 b2 05 40 56 84 20 c3 90 88 0a 5a 8e f1 3d 96 59 b7 5f a7 63 31 3c 17 3a a9 04 30 4b 80 0e 09 8b 60 e1 5d df da 55 e1 6d 20 56 de 3a 5a 4e 4e 36 25 71 5c 12 7e f1 93 97 31 94 a1 29 89 f2 0a 40 a9 02 bf 55 03 2f 98 74 5f 78 73 cb c5 29 4c e9 ad ef d3 e0 e9 ec 15 b9 9a 03 cf 91 db 7e f5 f0 08 3e Data Ascii: wuO n&m Bb.Ah>xw^~=emX)"*hec\+#?+4LvDc0sJd88aQe4[p7gz4^D'n^\|sfR@V Z=Y_c1<:0K`]Um V:ZNN6%q\~1)@U/t_xs)L~>
2024-11-21 21:09:39 UTC	16384	IN	Data Raw: 8f 67 d5 e8 e4 34 eb e6 2c b7 a9 5c 69 a3 75 af d9 ba f6 11 ea 58 64 70 1a 03 5a 75 5c b5 f2 6d d4 e3 16 ed 7d 0a 76 94 c1 8e a7 30 9e 08 64 07 27 9d 18 c0 52 7d e4 67 ff 5d dd ba 83 b1 dc 5d 98 95 9f fd f7 4f 5a 26 c7 8a 7a a4 2b 67 ea ac d1 ee 4b f3 ee 5b 7c 55 87 5f ce 64 5a d1 d6 85 f4 9d 84 43 1d a5 d1 4e 33 c2 52 b6 ac ef d9 7f de 15 61 44 a2 b6 4f fe 03 39 27 95 29 d1 71 16 47 ff 7e 40 2f ff 09 6e 49 c5 ba 2c 58 72 fd b4 fc 2b 2f d4 a3 80 7f e2 4e fd ca 3b f8 f4 09 87 9a 38 33 24 7f 45 a2 7e d3 4f 4e 87 8c cb 8b 02 7f df 7f ff 57 75 a1 22 3d 51 a9 78 41 7d 1b c5 f8 9b d0 7f 72 fc 7d ff 85 6a 70 ab 5e dc aa 41 ca 56 bd b0 55 00 76 02 c7 a0 ea 57 7d b2 c3 fb 0a b5 58 bd 1f ab f6 63 d5 ec bd 82 b3 c7 5f d5 89 ed 15 3f f6 0a e5 7d 86 bf 7b f2 4f 82 f3 Data Ascii: g4,\iuXdpZu\m}v0d'R}g]]OZ&z+gK[\|U_dZCN3RaDO9')qG~@/nI,Xr+/N;83$E~ONWu"=QxA}r}jp^AVUvW}Xc_?}{O
2024-11-21 21:09:39 UTC	16384	IN	Data Raw: c8 b1 0e c3 45 a4 cf 34 82 9b a9 e1 c3 b1 e1 46 87 99 95 55 9a b4 be 3b 59 b1 6b f9 9e 4a 6a 38 c3 9d 71 93 60 68 53 6d 70 93 f4 d8 cb 92 d6 1c 64 0c 55 29 d1 f7 86 61 3a 23 da d5 06 e4 b2 85 18 31 bb 0e 46 71 38 52 33 8f 24 f5 9e 43 1a 6d 32 5a be 90 91 0a d3 47 69 32 eb 74 ec 30 03 b3 0a 2f 45 60 14 c3 56 8c 9b d3 2c f6 4c cc 87 6e 54 d0 da 28 ed 5d 8d 3a 4d 4a aa f1 2e 74 2f 9f 56 e9 a4 49 86 4c 15 33 4f 70 79 ad 9c 27 57 fe 5f f1 b5 af dc 2b a5 7e 6a ff d6 06 bc 0c 5d f6 df fe e1 b9 f2 44 21 e0 ef 42 ef 50 c9 9d 6d c4 b7 e0 a2 c1 1c b4 2f 36 29 c7 0d cd c5 5f 01 b2 80 f3 b0 10 3b 89 01 c5 9d d8 7c 07 2e 18 db 27 d6 4f f2 63 9c b0 f6 f2 ae c9 8b 6c b2 c4 37 76 c1 ad 55 68 26 ab 9f 6e 0d f6 97 8b d0 7b ae f0 47 ed 5d 9f e5 af 8e d0 8d 25 c1 76 f1 dc 48 Data Ascii: E4FU;YkJj8q`hSmpdU)a:#1Fq8R3$Cm2ZGi2t0/E`V,LnT(]:MJ.t/VIL3Opy'W_+~j]D!BPm/6)_;\|.'Ocl7vUh&n{G]%vH
2024-11-21 21:09:39 UTC	16384	IN	Data Raw: 94 22 1e 7d b0 6a 95 14 85 b6 9f 56 47 3e e9 1b d3 5f a5 ac 50 c3 87 e4 2f 7d 48 49 98 d9 64 0e 08 ef 71 ff 50 b9 f3 86 37 4a 22 88 52 55 4a 91 92 53 0e 3c c2 3f 65 33 a3 28 fd 5a 9a 2e 91 76 ec f5 34 94 dc 1a 84 a2 be c1 0e 7a 8b 67 39 3e 58 c7 23 2c 7e 30 2a a9 04 8f 00 e5 ea b9 90 8e 19 22 31 4f 88 ac 1a 1f 76 bd 44 ab b4 23 ff 6a 0e 16 d3 4b 19 b1 5f 46 1a 8c 28 02 0b 82 4d 75 9f bc a7 ab d3 c0 ac 12 2c 1a e1 ca 61 62 a5 73 bf 90 ea 26 30 cc b6 60 ae a5 03 4b 60 ea 7c b9 bf 27 e4 0d 14 35 5a 3a 2d d3 09 b2 1d da a4 23 ee 1b c6 42 eb 6f 46 58 98 31 2d 33 81 d2 c7 b9 ea 4a e4 45 53 f8 1b 85 d6 9a f9 1c dd e5 4a cf 08 96 59 af e8 ce 28 b3 02 0e 0d ee 14 62 4a 58 2a 40 44 d3 12 5b 39 93 33 26 50 17 82 cc e2 88 1a 71 ab dd fe 3c 12 6a 79 40 5e 32 8d a6 25 Data Ascii: "}jVG>_P/}HIdqP7J"RUJS<?e3(Z.v4zg9>X#,~0"1OvD#jK_F(Mu,abs&0`K`\|'5Z:-#BoFX1-3JESJY(bJX@D[93&Pq<jy@^2%

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:09:38 UTC	711	OUT	GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: EntityExtractionDomainsConfig Sec-Mesh-Client-Edge-Version: 117.0.2045.47 Sec-Mesh-Client-Edge-Channel: stable Sec-Mesh-Client-OS: Windows Sec-Mesh-Client-OS-Version: 10.0.19045 Sec-Mesh-Client-Arch: x86_64 Sec-Mesh-Client-WebView: 0 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 21:09:39 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 21:09:39 GMT Content-Type: application/octet-stream Content-Length: 70207 Connection: close Content-Encoding: gzip Last-Modified: Thu, 21 Nov 2024 04:18:43 GMT ETag: 0x8DD09E3961B864F x-ms-request-id: 871fd69a-a01e-0061-5659-3c2cd8000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241121T210938Z-r1d97b99577hc74hhC1TEBvbns0000000apg00000000s00x Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-21 21:09:39 UTC	15821	IN	Data Raw: 1f 8b 08 08 a3 b4 3e 67 02 ff 61 73 73 65 74 00 ec bd 0b 97 db 36 b2 30 f8 57 b2 b9 33 b3 dd 89 d5 d6 5b dd d9 cd fa f4 d3 f1 f8 39 6d 3b 19 db f1 d5 01 49 48 a2 45 91 0c 1f 6a ab c3 be bf 7d 0b 05 80 00 08 50 52 db ce 77 ef b7 67 67 9c 16 09 14 0a 40 a1 50 a8 2a 14 c0 3f bf f7 93 78 16 ce bf ff e9 bb 3f bf 2f 92 25 8d a7 51 b8 0a 0b 78 ef 8d bb dd 07 df 7d 9f 92 39 9d fa 65 91 cc 66 90 38 1c f4 59 62 40 67 a4 8c 8a 69 94 f8 24 a2 d3 15 49 11 81 c7 f0 c0 df 0e 3c 00 94 97 e3 6b de f1 08 7b a5 11 7b a5 51 67 9e e1 6b 8c af 71 a7 cc f1 15 81 69 de 59 7d c6 d7 02 5f 8b 0e a5 ec d5 c7 5c 3f ef f8 b7 ec 35 20 ec 35 20 9d 60 89 af 14 5f 69 27 40 e0 19 e6 ce 48 27 c4 8a 66 21 be 86 1d 78 60 af 19 be 66 9d 19 e6 2e b0 ec 82 76 c2 08 5f 31 77 91 75 16 3c b7 c4 d7 Data Ascii: >gasset60W3[9m;IHEj}PRwgg@P*?x?/%Qx}9ef8Yb@gi$I<k{{QgkqiY}_\?5 5 `_i'@H'f!x`f.v_1wu<
2024-11-21 21:09:39 UTC	16384	IN	Data Raw: 2c 30 96 c2 52 09 74 65 c0 2a 8a c3 88 95 9c 7c 3e a9 79 09 d4 fa 9a 9f 30 4a 49 28 2b d7 97 ff 7a 7b f9 fa cd f4 c9 05 68 2b 37 9c c1 08 01 cb 2f 28 f3 02 34 de 08 0c a6 34 da 38 c6 ec 48 27 33 28 96 9f 45 d9 4f 9f 12 f7 54 d2 47 a6 39 87 08 81 e9 6d 4f c1 43 97 10 bf ad 59 55 67 39 13 fe 1e 05 67 65 16 87 6c 9b f5 cb 90 60 eb 3d ea 25 09 33 8b f9 4a fb 10 ef 11 3b 7c e8 61 60 14 a0 60 b9 7c 16 e7 69 54 b1 c3 22 c0 e0 29 df c2 05 4c 8f bc f0 67 5e 04 75 33 51 9a b7 e1 61 1a 61 48 f5 c3 30 f7 62 91 d5 a8 34 39 2a 97 ff 2d f5 aa c1 c2 6c 78 e0 35 33 d1 42 b3 75 c4 be 3b f4 d0 68 83 51 a7 81 2d a0 ff 0d 5d 10 62 ed 7f 55 a5 99 9f 25 2b 2f a4 4d 09 21 65 43 c7 04 cf 93 19 f3 c1 d0 b6 e9 14 38 59 31 29 8b 4d 52 3a c4 97 c1 d0 1d 5d d0 58 b3 51 22 09 e8 37 c0 Data Ascii: ,0Rte\|>y0JI(+z{h+7/(448H'3(EOTG9mOCYUg9gel`=%3J;\|a``\|iT")Lg^u3QaaH0b49-lx53Bu;hQ-]bU%+/M!eC8Y1)MR:]XQ"7
2024-11-21 21:09:39 UTC	16384	IN	Data Raw: d3 4d 9a a5 bf dc f0 20 15 b1 bc 1f 82 9a 8d 98 a7 af db 80 6b 74 e7 ab 7c e6 18 7d 9a 2b 3e 34 2d 1a e7 c0 d5 e8 b4 a0 0e d4 7d 19 bb 69 52 58 a2 33 32 78 db 4b 2d cd 54 dd d2 2b 9c a0 29 69 1a ba 4a ee 0a 4d 33 5a 7b a7 1a 83 5f f3 f7 fe 2c 2f 84 3b 39 d0 56 82 ef 75 a4 f3 69 57 af 58 09 8c 2a 1d 24 b9 4e 6b cf 63 d0 74 99 e3 02 0f 26 7f 1a 86 a9 a8 69 fa 5a d8 25 83 c1 ea f8 fd 12 62 16 86 38 17 5a 19 6f 13 03 00 e6 6a 07 a4 40 be bb 20 de a6 de bf d1 06 75 32 1f c3 4f 67 41 ad 31 bd b0 9c ee 44 47 33 2a 92 9c d3 f6 35 64 a9 b1 d3 f6 b1 c7 a7 b4 80 af ea c1 2a 6c dd 81 a0 0b 67 ca d2 b2 11 7c 8d dc 39 47 56 d1 bd 08 e8 ec 3e 4f c9 56 d6 7a d3 9a 56 4d 17 50 41 9b 17 9b 37 36 da 2e 7c a4 ba 63 f5 72 cd 6b 58 b5 9b 70 5a 19 73 3e 85 d2 c6 f8 80 22 71 cd Data Ascii: M kt\|}+>4-}iRX32xK-T+)iJM3Z{_,/;9VuiWX$Nkct&iZ%b8Zoj@ u2OgA1DG35d*lg\|9GV>OVzVMPA76.\|crkXpZs>"q
2024-11-21 21:09:39 UTC	16384	IN	Data Raw: 48 d1 b5 2e 37 a4 97 5f 43 54 c9 8d d7 76 7a 14 e4 6f 3b 80 f7 6a 61 e8 6f 47 e9 2d cb 60 84 66 2b c0 b9 77 09 1b c0 32 5c aa 6c 0e 25 81 ed a0 5e 61 25 37 6f 3c a5 bc 1f 04 1a dd b1 04 1d c9 73 16 3a 58 a8 69 4d 12 c1 5e e9 66 5f 14 6c e4 9e d4 61 25 e1 2f c3 fc b8 ed df 80 5d 2b 3a 5b 4c 56 c9 72 1f 59 1d 6a 72 0b d2 b0 4c 8e d5 67 db 16 79 41 90 65 4f 4b 68 63 f6 d1 e5 db b6 6a 18 e6 ca 5f 04 79 2e 71 69 5d 0e 19 cc d9 f6 58 27 58 af 1c 18 04 f1 98 d2 bf 15 1e 37 ce e0 1e 88 54 83 3c 82 f8 a8 05 5f b0 1b 3f 2f 02 8f 31 a4 e9 1d ed 45 e6 e4 85 e6 b9 66 4c fd cd 8d e4 58 f7 79 73 8b 47 40 25 b6 0d 7f 78 ff a8 fe e7 7d 69 4a fc 00 c7 b0 37 a9 44 f0 40 1e e8 bd 41 8a b4 0a 5d 5a 2c 0e 60 f7 fb 81 3b 35 42 38 50 3b bc 9c d4 76 22 35 66 3f 5d d9 fb 8e 7d 65 Data Ascii: H.7_CTvzo;jaoG-`f+w2\l%^a%7o<s:XiM^f_la%/]+:[LVrYjrLgyAeOKhcj_y.qi]X'X7T<_?/1EfLXysG@%x}iJ7D@A]Z,`;5B8P;v"5f?]}e
2024-11-21 21:09:39 UTC	5234	IN	Data Raw: 4e 0f 79 ac a9 56 57 20 b1 61 ca d2 f5 ed 38 df 10 b9 60 88 4c 48 ac b1 cd 10 b5 8f 76 49 19 f2 b6 d5 54 1d d1 9c b1 20 7a d3 64 f7 91 a2 0c 4d 73 6d e0 da be ee e6 87 03 9f 5e f7 4f 98 9c 12 cd 88 68 4c 2e b1 48 00 60 c3 31 74 31 8d 87 b4 32 56 02 4f bf e1 a9 3b c0 40 d6 24 8e 10 55 c7 c3 e7 8c f3 78 28 78 d3 94 de b0 5a 4d 22 eb 28 5c 22 00 98 8e 15 1a f8 ab ac 54 f4 5d 80 d0 a5 aa 6e 87 83 fd d6 f1 b0 c0 82 f7 f4 5e ef 2f 2b b8 62 a2 13 a1 4d ae 60 cf 59 3c b1 b1 f4 40 4d 41 74 7c ac 2c 5a 9e ef f4 d2 81 6d 69 e1 d3 8b 73 2c 84 2c 06 37 fd 72 38 10 a5 b2 13 51 f1 a0 a2 06 7d 3f 89 8f 72 35 a0 58 a0 46 79 2f b7 1f cc 57 92 ec c8 b4 b5 f2 5c 65 e7 30 5a 93 e3 b1 8e 5f f5 91 44 87 44 19 1d 59 83 cf 54 85 de 92 34 2e 26 d2 d8 ca 80 2c 56 f9 34 27 86 21 28 Data Ascii: NyVW a8`LHvIT zdMsm^OhL.H`1t12VO;@$Ux(xZM"(\"T]n^/+bM`Y<@MAt\|,Zmis,,7r8Q}?r5XFy/W\e0Z_DDYT4.&,V4'!(

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Bunny\Autofills\Autofills.txt

C:\Users\user\AppData\Local\Bunny\Info.txt

C:\Users\user\AppData\Local\D3DSCache\fe8d97be6d92aa78\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

C:\Users\user\AppData\Local\D3DSCache\fe8d97be6d92aa78\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

C:\Users\user\AppData\Local\D3DSCache\fe8d97be6d92aa78\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\passwords.db

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\webdata.db

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\251ff26d-77ba-47ee-89c2-f2ad5fc6fa87.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\369a7241-470d-48f1-b5ea-ef97b0c9cd08.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\3af30725-ccf7-4b05-af7b-cf9190d9ca66.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\573e5a17-9465-4eb4-9a1c-9a52eafefd8f.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\6c674b5b-1950-4e81-8c81-97bcac0b339e.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\83466cde-e45e-4693-b7ae-0fb35dc7a184.tmp

Windows Analysis Report
file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:09:38 UTC	614	OUT	GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1732828174&P2=404&P3=2&P4=KnbEqgNPcUnA8aSdEM0rHz9HBl2U5F1phLr4tg3mXV2FpVBWIZkDhYu%2fpKYLQ9gEElLxwZa1NIsFs6omlOrzLQ%3d%3d HTTP/1.1 Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com Connection: keep-alive MS-CV: zUE+65jNFo1e5OR/iMqCJ6 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 21:09:39 UTC	633	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Age: 12149909 Cache-Control: public, max-age=17280000 Content-Type: application/x-chrome-extension Date: Thu, 21 Nov 2024 21:09:38 GMT Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8=" Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31 MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0 MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4 Server: ECAcc (nyd/D11E) X-AspNet-Version: 4.0.30319 X-AspNetMvc-Version: 5.3 X-Cache: HIT X-CCC: US X-CID: 11 X-Powered-By: ASP.NET X-Powered-By: ARR/3.0 X-Powered-By: ASP.NET Content-Length: 11185 Connection: close
2024-11-21 21:09:39 UTC	11185	IN	Data Raw: 43 72 32 34 03 00 00 00 1d 05 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bb 4e a9 d8 c8 e8 cb ac 89 0d 45 23 09 ef 07 9e ab ed 9a 39 65 ef 75 ea 71 bc a5 c4 56 59 59 ef 8c 08 40 04 2b ed 43 d0 dc 6b a7 4f 88 b9 62 4b d3 60 94 de 36 ee 47 92 ab 25 8a 1e cc 0d fa 33 5a 12 19 8e 65 20 5f fd 36 15 d6 13 1e 46 ae 8b 31 70 18 f1 a8 4b 1d 5a ff de 0e 83 8e 11 b2 2f 20 ed 33 88 cb fb 4f 54 94 9e 60 00 d3 bc 30 ab c0 d7 59 8b b0 96 46 54 fc f0 34 33 1c 74 68 d6 79 f9 0c 8c 7d 8a 91 98 ca 70 c6 4c 0f 1b c8 32 53 b9 26 69 cc 60 09 8d 6f ec f9 a6 66 8d 6f 48 81 0e 05 8a f1 97 4e b8 c3 94 3a b3 f7 69 6a 54 89 33 da 9e 46 7b d1 30 bb 2c cc 66 3f 27 66 e3 43 51 74 3b 62 5f 22 50 63 08 e5 20 Data Ascii: Cr240"0*H0NE#9euqVYY@+CkObK`6G%3Ze _6F1pKZ/ 3OT`0YFT43thy}pL2S&i`ofoHN:ijT3F{0,f?'fCQt;b_"Pc

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:09:39 UTC	723	OUT	POST /api/browser/edge/data/bloomfilter/x/3 HTTP/1.1 Host: data-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 746 Accept: application/octet-stream;application/x-patch-bsdiff; Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiaVNaUXRIczFGQWN5dTViRXJwdG1TUT09IiwgImhhc2giOiI0clV2Wk8vWEJsYz0ifQ== Content-Type: application/json; charset=utf-8 If-None-Match: "636976985063396749.rel.v2" Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-11-21 21:09:39 UTC	746	OUT	Data Raw: 7b 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 6e 75 6c 6c 2c 22 66 61 6d 69 6c 79 22 3a 33 2c 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 2c 22 6f 73 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 35 2e 32 30 30 36 2e 76 62 5f 72 65 6c 65 61 73 65 22 2c 22 62 72 6f 77 73 65 72 22 3a 7b 22 69 6e 74 65 72 6e 65 74 5f 65 78 70 6c 6f 72 65 72 22 3a 22 39 2e 31 31 2e 31 39 30 34 31 2e 30 22 7d 2c 22 6e 65 74 4a 6f 69 6e 53 74 61 74 75 73 22 3a 32 2c 22 65 6e 74 65 72 70 72 69 73 65 22 3a 7b 7d 2c 22 63 6c 6f 75 64 53 6b Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":null,"family":3,"locale":"en-GB","osVersion":"10.0.19045.2006.vb_release","browser":{"internet_explorer":"9.11.19041.0"},"netJoinStatus":2,"enterprise":{},"cloudSk
2024-11-21 21:09:39 UTC	248	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 21:09:39 GMT Content-Type: application/octet-stream Content-Length: 57 Connection: close Server: Kestrel ETag: "638343870221005468" Request-Context: appId=cid-v1:46ea1a4d-29cb-4e7e-a1ff-735721467fe3
2024-11-21 21:09:39 UTC	57	IN	Data Raw: 39 00 00 00 0a 00 00 00 6d 75 72 6d 75 72 33 00 0d 00 00 00 e7 00 00 00 0c 00 00 00 2c 4d f0 68 e4 05 e3 5a 14 87 bb 38 10 5c e2 c4 94 3c 26 4c 69 f1 48 99 f4 5b b2 3f 6d Data Ascii: 9murmur3,MhZ8\<&LiH[?m

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:09:39 UTC	628	OUT	GET /bundles/v1/edgeChromium/latest/vendors.7e27cca6027b8d6697cb.js HTTP/1.1 Host: assets2.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://ntp.msn.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 21:09:39 UTC	1239	IN	HTTP/1.1 200 OK Content-Type: application/javascript Content-MD5: 2o3TH2IeNXyf9OP87xu6FA== Last-Modified: Fri, 15 Nov 2024 22:31:11 GMT ETag: 0x8DD05C53565F83D Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: 64e866d1-101e-0037-3246-3988b3000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Date: Thu, 21 Nov 2024 21:09:39 GMT Transfer-Encoding: chunked Connection: close Connection: Transfer-Encoding Alt-Svc: h3=":443"; ma=86400 Akamai-Request-BC: [a=23.195.36.246,b=647921010,c=g,n=US_NJ_SECAUCUS,o=20940] Server-Timing: clientrtt; dur=2, clienttt; dur=0, origin; dur=0, cdntime; dur=0, wpo;dur=0,1s;dur=0 Akamai-Cache-Status: Hit from child Akamai-Server-IP: 23.195.36.246 Akamai-Request-ID: 269e7d72 Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]} nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1} Cache-Control: public, no-transform, max-age=31535892 Timing-Allow-Origin: * Akamai-GRN: 0.f624c317.1732223379.269e7d72 Vary: Origin
2024-11-21 21:09:39 UTC	15145	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 76 65 6e 64 6f 72 73 2e 37 65 32 37 63 63 61 36 30 32 37 62 38 64 36 36 39 37 63 62 2e 6a 73 2e 4c 49 43 45 4e 53 45 2e 74 78 74 20 2a 2f 0a 28 73 65 6c 66 2e 65 64 67 65 43 68 72 6f 6d 69 75 6d 57 65 62 70 61 63 6b 43 68 75 6e 6b 73 3d 73 65 6c 66 2e 65 64 67 65 43 68 72 6f 6d 69 75 6d 57 65 62 70 61 63 6b 43 68 75 6e 6b 73 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 22 76 65 6e 64 6f 72 73 22 5d 2c 7b 37 33 30 34 30 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 66 75 6e 63 74 69 6f 6e 20 65 28 29 7b 7d 74 2e 65 78 70 6f 72 74 73 3d 65 2c 74 2e 65 78 70 6f 72 74 73 2e 48 74 74 70 73 41 67 65 6e 74 3d 65 7d 2c 31 33 30 31 Data Ascii: 00006000/! For license information please see vendors.7e27cca6027b8d6697cb.js.LICENSE.txt /(self.edgeChromiumWebpackChunks=self.edgeChromiumWebpackChunks\|\|[]).push([["vendors"],{73040:function(t){function e(){}t.exports=e,t.exports.HttpsAgent=e},1301
2024-11-21 21:09:39 UTC	9443	IN	Data Raw: 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 6e 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5e 28 3f 3a 28 5c 5c 64 7b 34 7d 7c 5b 2b 2d 5d 5c 5c 64 7b 22 2b 28 34 2b 65 29 2b 22 7d 29 7c 28 5c 5c 64 7b 32 7d 7c 5b 2b 2d 5d 5c 5c 64 7b 22 2b 28 32 2b 65 29 2b 22 7d 29 24 29 22 29 2c 72 3d 74 2e 6d 61 74 63 68 28 6e 29 3b 69 66 28 21 72 29 72 65 74 75 72 6e 7b 79 65 61 72 3a 4e 61 4e 2c 72 65 73 74 44 61 74 65 53 74 72 69 6e 67 3a 22 22 7d 3b 76 61 72 20 69 3d 72 5b 31 5d 3f 70 61 72 73 65 49 6e 74 28 72 5b 31 5d 29 3a 6e 75 6c 6c 2c 6f 3d 72 5b 32 5d 3f 70 61 72 73 65 49 6e 74 28 72 5b 32 5d 29 3a 6e 75 6c 6c 3b 72 65 74 75 72 6e 7b 79 65 61 72 3a 6e 75 6c 6c 3d 3d 3d 6f 3f 69 3a 31 30 30 2a 6f 2c 72 65 73 74 44 61 74 65 53 74 72 69 6e 67 3a 74 2e 73 6c 69 63 65 28 Data Ascii: ion(t,e){var n=new RegExp("^(?:(\\d{4}\|[+-]\\d{"+(4+e)+"})\|(\\d{2}\|[+-]\\d{"+(2+e)+"})$)"),r=t.match(n);if(!r)return{year:NaN,restDateString:""};var i=r[1]?parseInt(r[1]):null,o=r[2]?parseInt(r[2]):null;return{year:null===o?i:100*o,restDateString:t.slice(
2024-11-21 21:09:39 UTC	16384	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 75 78 2f 22 29 7d 2c 61 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 6b 65 79 73 28 74 29 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 20 65 5b 6e 5d 3d 74 5b 6e 5d 7d 29 29 7d 2c 73 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 20 6e 28 72 29 7b 69 66 28 65 28 72 29 29 7b 76 61 72 20 69 3d 74 28 72 29 3b 72 65 74 75 72 6e 20 61 28 74 2c 6e 29 2c 69 7d 72 65 74 75 72 6e 7b 7d 7d 3b 72 65 74 75 72 6e 20 61 28 74 2c 6e 29 2c 6e 7d 2c 66 3d 22 52 4f 4f 54 22 2c 6c 3d 22 4e 41 4d 45 53 50 41 43 45 5f 52 4f 4f 54 22 2c 76 3d 22 43 48 49 4c 44 22 2c 64 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 Data Ascii: 00006000ux/")},a=function(t,e){return Object.keys(t).forEach((function(n){return e[n]=t[n]}))},s=function(t,e){var n=function n(r){if(e(r)){var i=t(r);return a(t,n),i}return{}};return a(t,n),n},f="ROOT",l="NAMESPACE_ROOT",v="CHILD",d=function(t){return
2024-11-21 21:09:39 UTC	8204	IN	Data Raw: 65 3d 6c 5b 74 2e 63 68 61 72 41 74 28 6f 2b 2b 29 5d 3c 3c 31 38 7c 6c 5b 74 2e 63 68 61 72 41 74 28 6f 2b 2b 29 5d 3c 3c 31 32 7c 28 6e 3d 6c 5b 74 2e 63 68 61 72 41 74 28 6f 2b 2b 29 5d 29 3c 3c 36 7c 28 72 3d 6c 5b 74 2e 63 68 61 72 41 74 28 6f 2b 2b 29 5d 29 2c 69 2b 3d 36 34 3d 3d 3d 6e 3f 64 28 65 3e 3e 31 36 26 32 35 35 29 3a 36 34 3d 3d 3d 72 3f 64 28 65 3e 3e 31 36 26 32 35 35 2c 65 3e 3e 38 26 32 35 35 29 3a 64 28 65 3e 3e 31 36 26 32 35 35 2c 65 3e 3e 38 26 32 35 35 2c 32 35 35 26 65 29 3b 72 65 74 75 72 6e 20 69 7d 2c 4e 3d 6f 3f 74 3d 3e 61 74 6f 62 28 67 28 74 29 29 3a 63 3f 74 3d 3e 42 75 66 66 65 72 2e 66 72 6f 6d 28 74 2c 22 62 61 73 65 36 34 22 29 2e 74 6f 53 74 72 69 6e 67 28 22 62 69 6e 61 72 79 22 29 3a 4c 2c 44 3d 63 3f 74 3d 3e 70 Data Ascii: e=l[t.charAt(o++)]<<18\|l[t.charAt(o++)]<<12\|(n=l[t.charAt(o++)])<<6\|(r=l[t.charAt(o++)]),i+=64===n?d(e>>16&255):64===r?d(e>>16&255,e>>8&255):d(e>>16&255,e>>8&255,255&e);return i},N=o?t=>atob(g(t)):c?t=>Buffer.from(t,"base64").toString("binary"):L,D=c?t=>p
2024-11-21 21:09:39 UTC	2479	IN	Data Raw: 30 30 30 30 30 39 41 33 0d 0a 72 63 65 2c 45 2e 65 78 65 63 28 74 29 29 3b 72 65 74 75 72 6e 20 65 2e 6c 61 73 74 49 6e 64 65 78 3d 74 2e 6c 61 73 74 49 6e 64 65 78 2c 65 7d 2c 78 3d 6e 28 35 36 31 33 37 29 2c 5f 3d 78 2e 5a 3f 78 2e 5a 2e 70 72 6f 74 6f 74 79 70 65 3a 76 6f 69 64 20 30 2c 53 3d 5f 3f 5f 2e 76 61 6c 75 65 4f 66 3a 76 6f 69 64 20 30 3b 76 61 72 20 54 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 53 3f 4f 62 6a 65 63 74 28 53 2e 63 61 6c 6c 28 74 29 29 3a 7b 7d 7d 2c 4c 3d 6e 28 39 37 35 35 38 29 3b 76 61 72 20 4e 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 76 61 72 20 72 3d 74 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3b 73 77 69 74 63 68 28 65 29 7b 63 61 73 65 22 5b 6f 62 6a 65 63 74 20 41 72 72 61 79 42 75 66 66 65 72 5d Data Ascii: 000009A3rce,E.exec(t));return e.lastIndex=t.lastIndex,e},x=n(56137),_=x.Z?x.Z.prototype:void 0,S=_?_.valueOf:void 0;var T=function(t){return S?Object(S.call(t)):{}},L=n(97558);var N=function(t,e,n){var r=t.constructor;switch(e){case"[object ArrayBuffer]
2024-11-21 21:09:39 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 3d 6e 28 37 31 31 35 35 29 3b 65 2e 5a 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 2c 73 29 7b 76 61 72 20 66 3d 2d 31 2c 6c 3d 69 2e 5a 2c 76 3d 21 30 2c 64 3d 74 2e 6c 65 6e 67 74 68 2c 70 3d 5b 5d 2c 68 3d 65 2e 6c 65 6e 67 74 68 3b 69 66 28 21 64 29 72 65 74 75 72 6e 20 70 3b 6e 26 26 28 65 3d 28 30 2c 75 2e 5a 29 28 65 2c 28 30 2c 63 2e 5a 29 28 6e 29 29 29 2c 73 3f 28 6c 3d 6f 2e 5a 2c 76 3d 21 31 29 3a 65 2e 6c 65 6e 67 74 68 3e 3d 32 30 30 26 26 28 6c 3d 61 2e 5a 2c 76 3d 21 31 2c 65 3d 6e 65 77 20 72 2e 5a 28 65 29 29 3b 74 3a 66 6f 72 28 3b 2b 2b 66 3c 64 3b 29 7b 76 61 72 20 67 3d 74 5b 66 5d 2c 5a 3d 6e 75 6c 6c 3d 3d 6e 3f 67 3a 6e 28 67 29 3b 69 66 28 67 3d 73 7c 7c 30 21 3d 3d 67 3f 67 3a 30 2c 76 26 26 5a 3d Data Ascii: 00004000=n(71155);e.Z=function(t,e,n,s){var f=-1,l=i.Z,v=!0,d=t.length,p=[],h=e.length;if(!d)return p;n&&(e=(0,u.Z)(e,(0,c.Z)(n))),s?(l=o.Z,v=!1):e.length>=200&&(l=a.Z,v=!1,e=new r.Z(e));t:for(;++f<d;){var g=t[f],Z=null==n?g:n(g);if(g=s\|\|0!==g?g:0,v&&Z=
2024-11-21 21:09:39 UTC	12	IN	Data Raw: 6e 3a 64 65 6c 65 74 65 20 74 0d 0a Data Ascii: n:delete t
2024-11-21 21:09:39 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 5b 63 5d 29 2c 69 7d 7d 2c 38 37 33 33 39 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 72 3d 6e 28 38 30 33 32 33 29 2c 69 3d 6e 28 33 36 31 32 29 2c 6f 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 70 72 6f 70 65 72 74 79 49 73 45 6e 75 6d 65 72 61 62 6c 65 2c 75 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 2c 63 3d 75 3f 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 74 3f 5b 5d 3a 28 74 3d 4f 62 6a 65 63 74 28 74 29 2c 28 30 2c 72 2e 5a 29 28 75 28 74 29 2c 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 6f 2e 63 61 6c 6c 28 74 2c 65 29 7d 29 29 29 7d 3a 69 2e 5a 3b 65 2e 5a 3d Data Ascii: 00004000[c]),i}},87339:function(t,e,n){"use strict";var r=n(80323),i=n(3612),o=Object.prototype.propertyIsEnumerable,u=Object.getOwnPropertySymbols,c=u?function(t){return null==t?[]:(t=Object(t),(0,r.Z)(u(t),(function(e){return o.call(t,e)})))}:i.Z;e.Z=
2024-11-21 21:09:39 UTC	12	IN	Data Raw: 3d 3d 74 79 70 65 6f 66 20 74 0d 0a Data Ascii: ==typeof t

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:09:39 UTC	448	OUT	POST /chromewebstore/v1.1/items/verify HTTP/1.1 Host: www.googleapis.com Connection: keep-alive Content-Length: 119 Content-Type: application/json Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 21:09:39 UTC	119	OUT	Data Raw: 7b 22 68 61 73 68 22 3a 22 45 70 44 59 46 37 73 55 68 68 4f 41 33 56 73 70 30 30 34 5a 43 6f 7a 46 54 6d 55 55 74 56 48 43 54 74 54 38 78 7a 34 52 70 6e 34 3d 22 2c 22 69 64 73 22 3a 5b 22 67 68 62 6d 6e 6e 6a 6f 6f 65 6b 70 6d 6f 65 63 6e 6e 6e 69 6c 6e 6e 62 64 6c 6f 6c 68 6b 68 69 22 5d 2c 22 70 72 6f 74 6f 63 6f 6c 5f 76 65 72 73 69 6f 6e 22 3a 31 7d Data Ascii: {"hash":"EpDYF7sUhhOA3Vsp004ZCozFTmUUtVHCTtT8xz4Rpn4=","ids":["ghbmnnjooekpmoecnnnilnnbdlolhkhi"],"protocol_version":1}
2024-11-21 21:09:39 UTC	341	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=UTF-8 Vary: Origin Vary: X-Origin Vary: Referer Date: Thu, 21 Nov 2024 21:09:39 GMT Server: ESF Content-Length: 483 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-21 21:09:39 UTC	483	IN	Data Raw: 7b 0a 20 20 22 70 72 6f 74 6f 63 6f 6c 5f 76 65 72 73 69 6f 6e 22 3a 20 31 2c 0a 20 20 22 73 69 67 6e 61 74 75 72 65 22 3a 20 22 5a 38 47 49 77 35 67 63 68 75 30 41 6a 53 74 7a 47 56 6b 31 4d 52 57 79 5a 70 69 73 66 66 61 68 64 4d 70 4e 55 67 78 47 35 6e 73 4b 4c 78 50 70 51 52 2b 6c 6f 57 46 75 46 56 56 34 30 41 75 4a 69 2f 6f 56 74 4b 34 6d 45 39 4a 77 79 45 66 56 57 32 63 37 2f 35 74 73 34 7a 64 73 4d 74 6d 6d 67 39 75 67 79 34 41 31 4c 4b 59 6e 74 64 6d 75 53 72 6a 67 36 31 71 74 47 64 6a 58 52 34 5a 6e 54 49 48 56 57 6b 73 67 4f 64 68 43 57 4a 52 68 48 59 71 79 6a 76 34 4f 4d 4b 5a 70 71 36 7a 33 33 56 45 6a 61 46 4d 2f 66 42 4c 4c 38 62 5a 71 75 54 48 45 6e 72 72 49 49 56 79 56 6b 50 33 2b 6c 76 31 4e 76 4b 6d 55 2f 4e 4e 4b 73 42 4b 66 73 5a 4d 69 Data Ascii: { "protocol_version": 1, "signature": "Z8GIw5gchu0AjStzGVk1MRWyZpisffahdMpNUgxG5nsKLxPpQR+loWFuFVV40AuJi/oVtK4mE9JwyEfVW2c7/5ts4zdsMtmmg9ugy4A1LKYntdmuSrjg61qtGdjXR4ZnTIHVWksgOdhCWJRhHYqyjv4OMKZpq6z33VEjaFM/fBLL8bZquTHEnrrIIVyVkP3+lv1NvKmU/NNKsBKfsZMi

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:09:40 UTC	698	OUT	POST /api/browser/edge/data/settings/3 HTTP/1.1 Host: data-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 746 Accept: application/octet-stream;application/x-patch-bsdiff; Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiaVNaUXRIczFGQWN5dTViRXJwdG1TUT09IiwgImhhc2giOiI0clV2Wk8vWEJsYz0ifQ== Content-Type: application/json; charset=utf-8 If-None-Match: "2.0-0" Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-11-21 21:09:40 UTC	746	OUT	Data Raw: 7b 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 6e 75 6c 6c 2c 22 66 61 6d 69 6c 79 22 3a 33 2c 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 2c 22 6f 73 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 35 2e 32 30 30 36 2e 76 62 5f 72 65 6c 65 61 73 65 22 2c 22 62 72 6f 77 73 65 72 22 3a 7b 22 69 6e 74 65 72 6e 65 74 5f 65 78 70 6c 6f 72 65 72 22 3a 22 39 2e 31 31 2e 31 39 30 34 31 2e 30 22 7d 2c 22 6e 65 74 4a 6f 69 6e 53 74 61 74 75 73 22 3a 32 2c 22 65 6e 74 65 72 70 72 69 73 65 22 3a 7b 7d 2c 22 63 6c 6f 75 64 53 6b Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":null,"family":3,"locale":"en-GB","osVersion":"10.0.19045.2006.vb_release","browser":{"internet_explorer":"9.11.19041.0"},"netJoinStatus":2,"enterprise":{},"cloudSk
2024-11-21 21:09:41 UTC	302	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 21:09:40 GMT Content-Type: application/octet-stream Content-Length: 130439 Connection: close Server: Kestrel ETag: "2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1" Request-Context: appId=cid-v1:46ea1a4d-29cb-4e7e-a1ff-735721467fe3
2024-11-21 21:09:41 UTC	16082	IN	Data Raw: 7b 0d 0a 20 20 22 67 65 6f 69 64 4d 61 70 73 22 3a 20 7b 0d 0a 20 20 20 20 22 61 75 22 3a 20 22 68 74 74 70 73 3a 2f 2f 61 75 73 74 72 61 6c 69 61 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 63 68 22 3a 20 22 68 74 74 70 73 3a 2f 2f 73 77 69 74 7a 65 72 6c 61 6e 64 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 65 75 22 3a 20 22 68 74 74 70 73 3a 2f 2f 65 75 72 6f 70 65 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 66 66 6c 34 22 3a 20 22 68 74 74 70 73 3a 2f 2f 75 6e 69 74 65 64 73 74 61 74 65 73 31 2e 73 73 2e 77 64 2e 6d 69 63 72 6f 73 6f 66 74 2e 75 73 2f 22 2c 0d 0a Data Ascii: { "geoidMaps": { "au": "https://australia.smartscreen.microsoft.com/", "ch": "https://switzerland.smartscreen.microsoft.com/", "eu": "https://europe.smartscreen.microsoft.com/", "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",
2024-11-21 21:09:41 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 30 39 63 34 37 36 32 37 62 63 35 33 33 62 35 39 32 34 61 30 35 35 61 30 34 62 63 34 63 33 33 65 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 39 2e 35 38 33 34 34 30 31 37 37 34 34 37 38 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 65 36 33 34 65 62 32 30 64 62 35 30 38 65 33 61 33 31 62 36 31 34 38 31 61 32 35 31 62 66 39 33 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 30 2e 33 33 37 30 36 38 35 39 32 37 38 32 37 33 35 0d 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: { "key": "09c47627bc533b5924a055a04bc4c33e", "value": 9.58344017744784 }, { "key": "e634eb20db508e3a31b61481a251bf93", "value": -0.337068592782735
2024-11-21 21:09:41 UTC	16384	IN	Data Raw: 30 37 37 37 34 37 33 33 30 39 35 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 31 32 62 62 65 66 63 30 35 64 35 31 34 32 65 37 65 62 36 38 36 66 61 64 38 64 65 61 39 32 31 31 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 30 35 37 31 37 37 35 33 31 31 38 30 39 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 65 35 66 62 38 64 66 31 32 35 61 34 37 32 31 64 31 64 66 33 32 38 62 63 36 66 32 64 64 65 61 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a Data Ascii: 07774733095 }, { "key": "12bbefc05d5142e7eb686fad8dea9211", "value": -1.05717753118094 }, { "key": "ce5fb8df125a4721d1df328bc6f2ddea", "value":
2024-11-21 21:09:41 UTC	16384	IN	Data Raw: 20 2d 31 2e 39 30 31 33 34 36 37 39 37 33 36 34 32 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 66 32 33 35 64 63 66 36 62 34 32 39 62 61 34 31 36 64 63 65 37 34 64 34 62 36 66 62 63 34 37 62 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 31 2e 32 36 30 31 38 31 31 38 35 36 30 38 38 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 38 66 31 37 64 37 34 30 33 61 63 35 66 66 32 38 39 36 61 37 31 33 61 37 31 37 35 65 64 31 39 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 Data Ascii: -1.9013467973642 }, { "key": "f235dcf6b429ba416dce74d4b6fbc47b", "value": 1.26018118560884 }, { "key": "c8f17d7403ac5ff2896a713a7175ed19", "va
2024-11-21 21:09:41 UTC	16384	IN	Data Raw: 36 62 64 32 65 65 33 36 63 30 33 66 36 66 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 35 2e 38 35 39 38 36 34 33 39 33 34 36 35 37 36 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 65 66 64 32 61 66 36 30 63 38 35 30 31 39 33 31 63 62 39 63 37 33 36 62 35 61 64 37 34 66 36 35 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 33 2e 39 35 36 39 39 35 33 35 33 36 34 30 30 33 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 32 63 38 34 38 35 34 38 64 34 36 30 63 Data Ascii: 6bd2ee36c03f6f", "value": 5.85986439346576 }, { "key": "efd2af60c8501931cb9c736b5ad74f65", "value": 3.95699535364003 }, { "key": "2c848548d460c
2024-11-21 21:09:41 UTC	16384	IN	Data Raw: 20 22 6b 65 79 22 3a 20 22 65 31 36 38 36 30 37 38 64 31 62 36 30 64 33 35 31 64 61 35 61 38 37 35 34 33 61 32 61 36 36 33 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 37 2e 35 30 36 36 35 35 32 34 32 36 32 35 35 31 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 33 61 33 34 31 37 66 35 66 32 30 61 30 33 61 39 38 39 37 33 36 38 39 38 38 37 66 62 37 32 61 32 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 37 34 39 32 32 35 31 37 36 34 32 37 39 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 Data Ascii: "key": "e1686078d1b60d351da5a87543a2a663", "value": 7.50665524262551 }, { "key": "3a3417f5f20a03a98973689887fb72a2", "value": -1.74922517642794 }, {
2024-11-21 21:09:41 UTC	16384	IN	Data Raw: 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 62 30 64 61 32 37 35 35 32 30 39 31 38 65 32 33 64 64 36 31 35 65 32 61 37 34 37 35 32 38 66 31 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 30 2e 39 37 36 31 34 30 37 39 32 39 31 35 33 37 33 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 66 61 62 31 62 61 38 63 36 37 63 37 63 38 33 38 64 62 39 38 64 36 36 36 66 30 32 61 31 33 32 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 31 31 37 38 37 35 38 36 30 34 35 30 39 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a Data Ascii: { "key": "b0da275520918e23dd615e2a747528f1", "value": -0.976140792915373 }, { "key": "cfab1ba8c67c7c838db98d666f02a132", "value": -1.11787586045094 },
2024-11-21 21:09:41 UTC	16053	IN	Data Raw: 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 64 65 39 35 62 34 33 62 63 65 65 62 34 62 39 39 38 61 65 64 34 61 65 64 35 63 65 66 31 61 65 37 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 30 33 33 31 39 35 35 36 37 30 31 31 37 37 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 61 64 64 65 63 34 32 36 39 33 32 65 37 31 33 32 33 37 30 30 61 66 61 31 39 31 31 66 38 66 31 63 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 30 2e 31 36 30 39 38 34 33 32 38 39 38 35 39 32 34 0d Data Ascii: }, { "key": "de95b43bceeb4b998aed4aed5cef1ae7", "value": -1.03319556701177 }, { "key": "addec426932e71323700afa1911f8f1c", "value": 0.160984328985924

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:09:41 UTC	431	OUT	GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 21:09:41 UTC	536	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 21:09:41 GMT Content-Type: image/png Content-Length: 1966 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT ETag: 0x8DBDCB5EC122A94 x-ms-request-id: 1e9f1f98-401e-0006-2c47-3c9f7f000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241121T210941Z-178bfbc474bpnd5vhC1NYC4vr400000001x000000000y3ay Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-21 21:09:41 UTC	1966	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 43 49 44 41 54 78 01 ed 97 5b 68 5c 75 1e c7 7f ff 73 f9 9f 49 d2 49 4f da 98 b4 6a d7 d9 c5 16 bc b0 4e c1 bd c8 6e d8 99 07 1f 74 1f 9a e0 2a 15 77 d7 06 0b 82 0f d5 3c 54 10 1f 3a 41 d0 2a 8a 2d 55 29 68 4d 14 1f 6a d3 92 3c 28 58 45 92 fa d0 0a 82 8e 48 14 6a 6b 53 d0 b4 21 4d e7 cc 64 6e 67 ce cd ef ef 64 4e 48 ed c5 74 d2 e8 4b 7f c3 9f ff b9 cd 39 9f f3 fd ff 6e 87 e8 ba 2d cd c4 62 2f 1c 1a 1a 4a 29 8a b2 c9 f3 bc 44 10 04 3c c8 71 1c 0b fb 59 8c af 71 6e a4 b7 b7 d7 a2 6b 6c bf 0a 38 3c 3c fc Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaCIDATx[h\usIIOjNntw<T:A-U)hMj<(XEHjkS!MdngdNHtK9n-b/J)D<qYqnkl8<<

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:09:41 UTC	433	OUT	GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 21:09:41 UTC	536	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 21:09:41 GMT Content-Type: image/png Content-Length: 1751 Connection: close Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT ETag: 0x8DBCEA8D5AACC85 x-ms-request-id: 4672b4b6-e01e-0066-2047-3cda5d000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241121T210941Z-178bfbc474btrnf9hC1NYCb80g000000023000000000vdd9 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-21 21:09:41 UTC	1751	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 06 6c 49 44 41 54 78 01 ed 98 4d 6c 54 55 14 c7 cf 9d ce b4 52 09 42 85 b8 40 ed f3 23 44 37 0a b8 32 71 01 71 a1 89 1b dc 08 3b ab 0b 64 87 b8 30 84 10 3a c3 c2 a5 1a 57 b8 52 16 26 6e 8c 10 3f 91 c5 a0 a2 21 0d d1 c6 18 63 34 9a 91 b8 c0 40 6c a1 ed cc 7b ef 7e 1c ff e7 de fb e6 4d 3f a0 1f d4 e8 a2 17 5e de eb ed 9b f7 7e f7 7f ce f9 9f 3b 25 5a 1b 6b e3 bf 1d 8a 56 71 d4 cf f2 2e 36 34 ca 44 bb d8 11 15 07 71 cf 19 ff 71 ad 08 3f 3b 4b 13 4e bb 3f 74 27 1f cf 3a d4 38 71 68 5d eb 5f 03 3c 76 86 9f c7 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAalIDATxMlTURB@#D72qq;d0:WR&n?!c4@l{~M?^~;%ZkVq.64Dqq?;KN?t':8qh]_<v

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:09:41 UTC	433	OUT	GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 21:09:41 UTC	543	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 21:09:41 GMT Content-Type: image/png Content-Length: 1427 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT ETag: 0x8DBDCB5EF021F8E x-ms-request-id: 5134cf6a-301e-006f-2d59-3cc0d3000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241121T210941Z-1777c6cb754j47wfhC1TEB5wrw00000007fg00000000dcda Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-21 21:09:41 UTC	1427	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 28 49 44 41 54 78 01 ed 57 cd 6b 24 45 14 7f af 67 86 c4 5d cd 8e 9b 05 d1 3d ec e8 1f 20 5e 3d 28 eb 41 04 41 44 10 3c 66 d1 53 92 d3 42 40 72 da 11 84 5c b3 7f 80 24 39 48 40 d4 8b 17 2f b2 e2 1f a0 1e 25 a7 01 11 16 17 35 1f f3 d1 dd d5 55 cf 57 df d5 d3 eb 4e 5a f0 22 53 a1 52 9d 57 5d ef fd de ef 7d 74 05 60 39 96 63 39 96 e3 3f 1d 08 ff 62 1c 1f 1f df e6 e5 9e 52 ea 15 5e fb bc 02 11 99 a9 9f f5 e4 41 52 4a 74 7b df f3 7a 77 7b 7b fb 67 68 39 5a 03 3c 3a 3a da 40 c4 43 0f ea 1f 56 3d 34 38 e2 89 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAa(IDATxWk$Eg]= ^=(AAD<fSB@r\$9H@/%5UWNZ"SRW]}t`9c9?bR^ARJt{zw{{gh9Z<::@CV=48

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:09:41 UTC	430	OUT	GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 21:09:41 UTC	543	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 21:09:41 GMT Content-Type: image/png Content-Length: 2008 Connection: close Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT ETag: 0x8DBC9B5C0C17219 x-ms-request-id: b63a2708-a01e-006a-4659-3c34ac000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241121T210941Z-178bfbc474b9fdhphC1NYCac0n00000002000000000083h3 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-21 21:09:41 UTC	2008	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 6d 49 44 41 54 78 01 ed 98 bf 6f 14 47 14 c7 df ec 9d 11 48 48 5c aa 94 de 74 74 18 45 a9 59 24 0a d2 24 54 91 a0 f1 39 44 24 45 24 ec 32 0d be 28 05 44 14 98 2a e9 7c 96 50 e4 26 32 11 2d 02 47 91 02 4d 64 a3 08 25 92 a5 70 fc 05 18 ff 38 df ed af 97 ef 77 76 66 bd 36 07 67 9b 58 69 18 69 34 b3 b3 bb b3 9f fb ce 7b 6f de 9c c8 bb f2 76 c5 c8 21 95 bf 66 35 4c 33 59 8a 33 6d e0 33 53 1f 7e 69 66 38 fe 74 56 c7 b2 54 1e 26 a9 34 f2 4c a6 3e fa ba 18 ff e3 96 36 7b 89 cc 6e f5 45 92 2c 9b f8 b8 55 6f 73 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAamIDATxoGHH\ttEY$$T9D$E$2(D*\|P&2-GMd%p8wvf6gXii4{ov!f5L3Y3m3S~if8tVT&4L>6{nE,Uos

Timestamp	Bytes transferred	Direction	Data
2024-11-21 21:09:41 UTC	422	OUT	GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 21:09:41 UTC	536	IN	HTTP/1.1 200 OK Date: Thu, 21 Nov 2024 21:09:41 GMT Content-Type: image/png Content-Length: 2229 Connection: close Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT ETag: 0x8DBD59359A9E77B x-ms-request-id: 6d9d1516-001e-0001-3d59-3c69fa000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241121T210941Z-178bfbc474bnwsh4hC1NYC2ubs000000023g00000000cb9p Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-21 21:09:41 UTC	2229	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 08 4a 49 44 41 54 78 01 ed 98 6d 88 5c 57 19 c7 9f e7 dc 7b 37 89 49 9a dd 6c 5e d6 96 c0 c4 36 a1 d5 2f 49 a1 92 22 ea 06 ac a4 41 21 05 41 2a e8 ee 16 a4 82 e0 26 62 a5 b5 92 99 f1 8b 2f 68 b3 fd 92 16 ad 64 fb 29 16 62 53 6d 68 17 15 b2 a2 ed 07 b1 6c a8 95 d6 97 74 36 a9 35 69 d2 90 dd 6d bb 9b 99 7b ce 79 fc 3f e7 dc d9 8d 99 24 b3 2f f9 d8 03 77 9e 7b ce dc b9 e7 77 ff cf cb 39 77 88 3e 6c 4b 6b 4c 37 a8 f5 ee 1d 2b a5 44 25 c2 47 9a d2 f8 c8 8f b6 8f d3 0d 68 4b 06 dc f1 8d df f7 ae cc ba cb 6c a8 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaJIDATxm\W{7Il^6/I"A!A*&b/hd)bSmhlt65im{y?$/w{w9w>lKkL7+D%GhKl