Edit tour

Windows Analysis Report
wp-cent.exe

Overview

General Information

Sample name:	wp-cent.exe
Analysis ID:	1578474
MD5:	03139cb6d13eee06845c9339720df3cd
SHA1:	91cfd38e408fa863b771e92b92cb52dfdba44bf3
SHA256:	f4d0a2e5a67453f66b8f4193e486d7c5dc05786fce0f029e8895b4a027e318a7
Tags:	exeuser-smica83
Infos:

Detection

Python BackDoor

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Python BackDoor

AI detected suspicious sample

Found pyInstaller with non standard icon

Opens network shares

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Binary contains a suspicious time stamp

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query CPU information (cpuid)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found evasive API chain checking for process token information

Found potential string decryption / allocating functions

IP address seen in connection with other malware

One or more processes crash

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file does not import any functions

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Classification

Process Tree

System is w10x64

wp-cent.exe (PID: 7476 cmdline: "C:\Users\user\Desktop\wp-cent.exe" MD5: 03139CB6D13EEE06845C9339720DF3CD)

wp-cent.exe (PID: 7536 cmdline: "C:\Users\user\Desktop\wp-cent.exe" MD5: 03139CB6D13EEE06845C9339720DF3CD)

systeminfo.exe (PID: 7608 cmdline: systeminfo MD5: EE309A9C61511E907D87B10EF226FDCD)

conhost.exe (PID: 7620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WmiPrvSE.exe (PID: 7676 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)

cmd.exe (PID: 7760 cmdline: C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 7808 cmdline: wmic computersystem get manufacturer MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

WerFault.exe (PID: 7924 cmdline: C:\Windows\system32\WerFault.exe -u -p 7536 -s 980 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000001.00000003.1722489604.0000019378638000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PythonBackDoor_1	Yara detected Python BackDoor	Joe Security
00000001.00000003.1723661754.0000019378638000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PythonBackDoor_1	Yara detected Python BackDoor	Joe Security
00000001.00000002.2101783704.0000019378638000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PythonBackDoor_1	Yara detected Python BackDoor	Joe Security
00000001.00000003.1721752184.0000019378611000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PythonBackDoor_1	Yara detected Python BackDoor	Joe Security
Process Memory Space: wp-cent.exe PID: 7536	JoeSecurity_PythonBackDoor_1	Yara detected Python BackDoor	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 97.6% probability

Source: wp-cent.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdbBB source: wp-cent.exe, 00000000.00000003.1684769071.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\platformthemes\qxdgdesktopportal.pdb source: wp-cent.exe, 00000000.00000003.1687162347.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\plugins\iconengines\qsvgicon.pdb source: wp-cent.exe, 00000000.00000003.1683831088.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\plugins\imageformats\qsvg.pdb source: wp-cent.exe, 00000000.00000003.1684499010.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: wp-cent.exe, 00000001.00000002.2117452508.00007FFE00827000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\msvcp140_1.amd64.pdb source: wp-cent.exe, 00000000.00000003.1657238199.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2122446731.00007FFE148E3000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: D:\a\1\b\libcrypto-3.pdb\| source: wp-cent.exe, 00000001.00000002.2113080912.00007FFDFA55A000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\generic\qtuiotouchplugin.pdb source: wp-cent.exe, 00000000.00000003.1683707655.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\libssl-3.pdbDD source: wp-cent.exe, 00000001.00000002.2117792891.00007FFE01395000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: wp-cent.exe, 00000001.00000002.2114688112.00007FFDFB0B6000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: wp-cent.exe, 00000001.00000002.2118141429.00007FFE01435000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: wp-cent.exe, 00000000.00000003.1684122407.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdb source: wp-cent.exe, 00000000.00000003.1684769071.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb source: wp-cent.exe, 00000000.00000003.1683927697.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"OpenSSL 3.0.15 3 Sep 20243.0.15built on: Wed Sep 4 15:52:04 2024 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availableget_and_lock..\s\crypto\ex_data.cossl_crypto_get_ex_new_index_exossl_crypto_new_ex_data_exCRYPTO_dup_ex_dataCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8..\s\crypto\getenv.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificC:\Program Files\Common Files\SSLC:\Program Files\OpenSSL\lib\ossl-modules.dllCPUINFO: ..\s\crypto\init.cOPENSSL_init_cryptoOPENSSL_atexit..\s\crypto\initthread.c..\s\crypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL \|\| WITHIN_ARENA(temp->next)assertion failed: (char *)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) \|\| WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/0123456789ABCDEFCRYPTO_memdup..\s\crypto\o_str.chexstr2buf_sepossl_hexstr2buf_sepbuf2hexstr_sepossl_buf2hexstr_sep..\s\crypto\packet.cwpacket_intern_init_lenWPACKET_start_sub_packet_len__..\s\crypto\param_build.cparam_pushparam_push_numOSSL_PARAM_BLD_push_BN_padNegative big numbers are unsupported for OSSL_PARAMOSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_p
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: wp-cent.exe, 00000000.00000003.1684621996.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: wp-cent.exe, 00000001.00000002.2113080912.00007FFDFA4C2000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: wp-cent.exe, 00000001.00000002.2122861507.00007FFE1A4B4000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: wp-cent.exe, 00000001.00000002.2122861507.00007FFE1A4B4000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: D:\a\1\b\libcrypto-3.pdb source: wp-cent.exe, 00000001.00000002.2113080912.00007FFDFA55A000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: wp-cent.exe, 00000000.00000003.1666997016.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2121978456.00007FFE13205000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qicns.pdb source: wp-cent.exe, 00000000.00000003.1684028473.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\select.pdb source: wp-cent.exe, 00000001.00000002.2121602719.00007FFE130C3000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb%% source: wp-cent.exe, 00000001.00000002.2118452224.00007FFE0E177000.00000002.00000001.01000000.00000021.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb source: wp-cent.exe, 00000001.00000002.2118452224.00007FFE0E177000.00000002.00000001.01000000.00000021.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: wp-cent.exe, 00000001.00000002.2122633721.00007FFE1A463000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwebp.pdb source: qwebp.dll.0.dr
Source:	Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: wp-cent.exe, 00000001.00000002.2121200623.00007FFE12E16000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: wp-cent.exe, 00000000.00000003.1684122407.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: wp-cent.exe, 00000001.00000002.2120167705.00007FFE11EDB000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\generic\qtuiotouchplugin.pdb source: wp-cent.exe, 00000000.00000003.1683707655.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbT source: wp-cent.exe, 00000001.00000002.2114688112.00007FFDFB0B6000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: wp-cent.exe, 00000001.00000002.2120761537.00007FFE120C3000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: wp-cent.exe, 00000001.00000002.2111561833.00007FFDF98FA000.00000002.00000001.01000000.0000001E.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: wp-cent.exe, 00000001.00000002.2120167705.00007FFE11EDB000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: wp-cent.exe, 00000001.00000002.2122214479.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: wp-cent.exe, 00000001.00000002.2112222114.00007FFDF9EFA000.00000002.00000001.01000000.0000001D.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: wp-cent.exe, 00000001.00000002.2117124373.00007FFE004F4000.00000002.00000001.01000000.00000020.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: wp-cent.exe, 00000001.00000002.2119883818.00007FFE11EA9000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwbmp.pdb source: wp-cent.exe, 00000000.00000003.1684972855.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\python3.pdb source: wp-cent.exe, 00000001.00000002.2100962151.0000019376620000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\libEGL.pdb source: wp-cent.exe, 00000000.00000003.1669703436.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\python313.pdb source: wp-cent.exe, 00000001.00000002.2115891551.00007FFDFB888000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: D:\a\1\b\libssl-3.pdb source: wp-cent.exe, 00000001.00000002.2117792891.00007FFE01395000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: wp-cent.exe, 00000000.00000003.1666864223.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: wp-cent.exe, 00000001.00000002.2118970994.00007FFE1024E000.00000002.00000001.01000000.00000013.sdmp

Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B6683C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	0_2_00007FF62B6683C0
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B669280 FindFirstFileExW,FindClose,	0_2_00007FF62B669280
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B681874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00007FF62B681874
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 1_2_00007FF62B669280 FindFirstFileExW,FindClose,	1_2_00007FF62B669280
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 1_2_00007FF62B6683C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	1_2_00007FF62B6683C0

Source: C:\Windows\System32\WerFault.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI74762\	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	File opened: C:\Users\user\	Jump to behavior

Source: Joe Sandbox View

IP Address: 104.20.22.46 104.20.22.46

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: nodejs.org

Source: wp-cent.exe, 00000001.00000002.2107906397.0000019378FC0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://.../back.jpeg
Source: wp-cent.exe, 00000000.00000003.1669703436.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredID
Source: wp-cent.exe, 00000000.00000003.1665675078.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684122407.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1657823281.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1687331856.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1665090203.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1670087258.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1660590364.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1664094757.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1664930402.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1661958900.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683927697.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1669703436.0000020B0DEB0000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684621996.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684769071.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1669703436.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1663561843.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1687162347.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683707655.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1662774265.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1685103850.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1659197675.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: wp-cent.exe, 00000000.00000003.1665675078.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684122407.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1657823281.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1687331856.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1665090203.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1670087258.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1660590364.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1664094757.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1664930402.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1661958900.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683927697.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1669703436.0000020B0DEB0000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684621996.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684769071.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1669703436.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1663561843.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1687162347.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683707655.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1662774265.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1685103850.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1659197675.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: wp-cent.exe, 00000000.00000003.1665675078.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684122407.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1657823281.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1687331856.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1665090203.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1670087258.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1660590364.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1664094757.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1664930402.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1661958900.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683927697.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684621996.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684769071.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1669703436.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1663561843.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1687162347.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683707655.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1662774265.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1685103850.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1659197675.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683831088.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: wp-cent.exe, 00000001.00000003.1725093384.0000019378A20000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727085420.0000019378A20000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378A1C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: wp-cent.exe, 00000001.00000002.2100986063.0000019376719000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378A1C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378A1C000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378A1C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crlx
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378870000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378870000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378A1C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crlf
Source: wp-cent.exe, 00000000.00000003.1665675078.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684122407.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1657823281.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1687331856.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1665090203.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1670087258.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1660590364.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1664094757.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1664930402.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1661958900.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683927697.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1669703436.0000020B0DEB0000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684621996.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684769071.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1669703436.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1663561843.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1687162347.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683707655.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1662774265.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1685103850.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1659197675.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: wp-cent.exe, 00000000.00000003.1665675078.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684122407.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1657823281.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1687331856.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1665090203.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1670087258.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1660590364.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1664094757.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1664930402.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1661958900.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683927697.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684621996.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684769071.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1669703436.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1663561843.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1687162347.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683707655.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1662774265.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1685103850.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1659197675.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683831088.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: wp-cent.exe, 00000000.00000003.1665675078.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684122407.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1657823281.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1687331856.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1665090203.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1670087258.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1660590364.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1664094757.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1664930402.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1661958900.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683927697.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1669703436.0000020B0DEB0000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684621996.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684769071.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1669703436.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1663561843.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1687162347.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683707655.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1662774265.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1685103850.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1659197675.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: wp-cent.exe, 00000000.00000003.1685103850.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl
Source: wp-cent.exe, 00000000.00000003.1665675078.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684122407.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1657823281.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1687331856.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1665090203.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1670087258.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1660590364.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1664094757.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1664930402.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1661958900.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683927697.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684621996.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684769071.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1669703436.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1663561843.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1687162347.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683707655.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1662774265.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1685103850.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1659197675.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683831088.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: wp-cent.exe, 00000000.00000003.1665675078.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684122407.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1657823281.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1687331856.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1665090203.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1670087258.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1660590364.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1664094757.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1664930402.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1661958900.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683927697.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1669703436.0000020B0DEB0000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684621996.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684769071.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1669703436.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1663561843.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1687162347.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683707655.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1662774265.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1685103850.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1659197675.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: wp-cent.exe, 00000000.00000003.1665675078.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684122407.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1657823281.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1687331856.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1665090203.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1670087258.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1660590364.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1664094757.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1664930402.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1661958900.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683927697.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1669703436.0000020B0DEB0000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684621996.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684769071.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1669703436.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1663561843.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1687162347.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683707655.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1662774265.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1685103850.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1659197675.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: wp-cent.exe, 00000000.00000003.1665675078.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684122407.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1657823281.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1687331856.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1665090203.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1670087258.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1660590364.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1664094757.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1664930402.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1661958900.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683927697.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684621996.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684769071.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1669703436.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1663561843.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1687162347.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683707655.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1662774265.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1685103850.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1659197675.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683831088.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: wp-cent.exe, 00000001.00000002.2107906397.0000019378FC0000.00000004.00001000.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1724948002.0000019378B58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: wp-cent.exe, 00000001.00000002.2108102272.00000193791B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://goo.gl/zeJZl.
Source: wp-cent.exe, 00000001.00000002.2101783704.0000019378638000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: wp-cent.exe, 00000001.00000002.2101783704.0000019378638000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/mail/
Source: wp-cent.exe, 00000001.00000003.1726171682.00000193788C6000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727711277.00000193788C6000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2101783704.0000019378460000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.00000193788C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: wp-cent.exe, 00000001.00000002.2107906397.0000019378FC0000.00000004.00001000.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2101783704.0000019378460000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mail.python.org/pipermail/python-dev/2012-June/120787.html.
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es0
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es:
Source: wp-cent.exe, 00000000.00000003.1665675078.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684122407.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1657823281.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1687331856.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1665090203.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1670087258.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1660590364.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1664094757.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1664930402.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1661958900.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683927697.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1669703436.0000020B0DEB0000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684621996.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684769071.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1669703436.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1663561843.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1687162347.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683707655.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1662774265.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1685103850.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1659197675.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: wp-cent.exe, 00000000.00000003.1665675078.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684122407.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1657823281.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1687331856.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1665090203.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1670087258.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1660590364.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1664094757.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1664930402.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1661958900.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683927697.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1669703436.0000020B0DEB0000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684621996.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684769071.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1669703436.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1663561843.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1687162347.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683707655.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1662774265.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1685103850.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1659197675.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0N
Source: wp-cent.exe, 00000000.00000003.1665675078.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684122407.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1657823281.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1687331856.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1665090203.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1670087258.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1660590364.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1664094757.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1664930402.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1661958900.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683927697.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684621996.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684769071.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1669703436.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1663561843.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1687162347.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683707655.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1662774265.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1685103850.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1659197675.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683831088.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378A1C000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.000001937899E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378A1C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/0
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/_
Source: wp-cent.exe, 00000001.00000003.1725093384.0000019378A20000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727085420.0000019378A20000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2107723643.0000019378E90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es00
Source: wp-cent.exe, 00000001.00000002.2111561833.00007FFDF98FA000.00000002.00000001.01000000.0000001E.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: wp-cent.exe, 00000001.00000002.2101783704.0000019378638000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: wp-cent.exe, 00000001.00000002.2111561833.00007FFDF98FA000.00000002.00000001.01000000.0000001E.sdmp	String found in binary or memory: http://www.color.org)
Source: wp-cent.exe, 00000001.00000002.2101783704.0000019378620000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: wp-cent.exe, 00000001.00000003.1726171682.0000019378880000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378870000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727711277.000001937887C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378A1C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: wp-cent.exe, 00000001.00000003.1727638365.00000193789BB000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1725093384.00000193789C0000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1724948002.0000019378B58000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.000001937899E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wwwsearch.sf.net/):
Source: wp-cent.exe, 00000001.00000003.1723661754.0000019378638000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2101783704.0000019378638000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
Source: wp-cent.exe, 00000001.00000002.2101665439.0000019378360000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/howto/mro.html.
Source: wp-cent.exe, 00000001.00000002.2101199544.0000019377F20000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
Source: wp-cent.exe, 00000001.00000002.2101199544.0000019377F20000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
Source: wp-cent.exe, 00000001.00000002.2101199544.0000019377FA4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
Source: wp-cent.exe, 00000001.00000002.2101199544.0000019377F20000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
Source: wp-cent.exe, 00000001.00000002.2101199544.0000019377FA4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
Source: wp-cent.exe, 00000001.00000002.2101199544.0000019377F20000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
Source: wp-cent.exe, 00000001.00000002.2101199544.0000019377F20000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
Source: wp-cent.exe, 00000001.00000002.2101199544.0000019377F20000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
Source: wp-cent.exe, 00000001.00000002.2100986063.0000019376719000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1718570937.0000019376768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
Source: wp-cent.exe, 00000001.00000002.2107270880.0000019378C70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: wp-cent.exe, 00000001.00000003.1726615596.0000019378ADB000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1725093384.0000019378ADB000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: wp-cent.exe, 00000001.00000002.2100986063.0000019376719000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1718570937.0000019376768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: wp-cent.exe, 00000001.00000002.2109444876.00000193799F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/giampaolo/psutil/issues/875.
Source: wp-cent.exe, 00000001.00000002.2108102272.0000019379140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/psf/requests/pull/6710
Source: wp-cent.exe, 00000001.00000002.2101199544.0000019377FA4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: wp-cent.exe, 00000001.00000003.1718570937.0000019376768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: wp-cent.exe, 00000001.00000002.2100986063.0000019376719000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1719796534.0000019378146000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1720409653.0000019378149000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1719985516.0000019378150000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1718570937.0000019376768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: wp-cent.exe, 00000001.00000003.1721019637.00000193785B8000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2101783704.0000019378460000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/issues/86361.
Source: wp-cent.exe, 00000001.00000002.2103518474.0000019378760000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/importlib_metadata/wiki/Development-Methodology
Source: wp-cent.exe, 00000001.00000002.2100986063.0000019376719000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1719796534.0000019378146000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1720409653.0000019378149000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1719985516.0000019378150000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1718570937.0000019376768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: wp-cent.exe, 00000001.00000002.2107270880.0000019378C70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: wp-cent.exe, 00000001.00000003.1726171682.00000193788C6000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727711277.00000193788C6000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.00000193788C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: wp-cent.exe, 00000001.00000002.2107723643.0000019378E90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: wp-cent.exe, 00000001.00000002.2107723643.0000019378E90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/3290
Source: wp-cent.exe, 00000001.00000003.1725093384.0000019378A20000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727085420.0000019378A20000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.000001937897C000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1726171682.000001937897C000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1726615596.0000019378ADB000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378A1C000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727711277.000001937897C000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1725093384.0000019378ADB000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: wp-cent.exe, 00000001.00000003.1725093384.0000019378A20000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727085420.0000019378A20000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.000001937897C000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1726171682.000001937897C000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378A1C000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727711277.000001937897C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/mail
Source: wp-cent.exe, 00000001.00000002.2101783704.0000019378460000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/mail/
Source: wp-cent.exe, 00000001.00000003.1725093384.0000019378A20000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727085420.0000019378A20000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378A1C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/
Source: wp-cent.exe, 00000001.00000002.2108102272.00000193790F0000.00000004.00001000.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2108102272.0000019379140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/get
Source: wp-cent.exe, 00000001.00000003.1722756246.00000193781A4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1722489604.000001937850D000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2101783704.000001937850D000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1723661754.000001937850D000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1721752184.000001937850D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/post
Source: wp-cent.exe, 00000001.00000003.1727711277.000001937887C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://json.org
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378B5B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727471039.0000019378B6C000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1724948002.0000019378B58000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1726404603.0000019378B73000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mahler:8092/site-updates.py
Source: wp-cent.exe, 00000001.00000002.2103518474.0000019378760000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/dist/v22.11.0/node-v22.11.0-win-x64.zip
Source: wp-cent.exe, 00000001.00000002.2107723643.0000019378E90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/core-metadata/#core-metadata
Source: wp-cent.exe, 00000001.00000003.1726171682.0000019378880000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378870000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727711277.000001937887C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/#file-format
Source: wp-cent.exe, 00000001.00000003.1726171682.0000019378880000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378870000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727711277.000001937887C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/recording-installed-packages/#the-record-file
Source: wp-cent.exe, 00000001.00000002.2107409956.0000019378D90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: wp-cent.exe, 00000001.00000002.2102768762.0000019378660000.00000004.00001000.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1718367257.0000019378121000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://peps.python.org/pep-0205/
Source: wp-cent.exe, 00000001.00000002.2115891551.00007FFDFB888000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: https://peps.python.org/pep-0263/
Source: wp-cent.exe, 00000001.00000002.2108102272.0000019379140000.00000004.00001000.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1721752184.000001937850D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://requests.readthedocs.io
Source: wp-cent.exe, 00000001.00000002.2109444876.00000193799F4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/questions/4457745#4457745.
Source: wp-cent.exe, 00000001.00000003.1726171682.0000019378880000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378870000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727711277.000001937887C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: wp-cent.exe, 00000001.00000003.1722739316.00000193789B1000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1722489604.0000019378638000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1723661754.0000019378638000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2101783704.0000019378638000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1722489604.00000193784C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7231#section-4.3.6)
Source: wp-cent.exe, 00000001.00000003.1725093384.0000019378A20000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1726615596.0000019378ADB000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1725093384.0000019378ADB000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378AE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: wp-cent.exe, 00000001.00000002.2107409956.0000019378D90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: wp-cent.exe, 00000001.00000002.2107409956.0000019378D90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: wp-cent.exe, 00000000.00000003.1665675078.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684122407.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1657823281.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1687331856.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1665090203.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1670087258.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1660590364.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1664094757.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1664930402.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1661958900.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683927697.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1669703436.0000020B0DEB0000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684621996.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1684769071.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1669703436.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1663561843.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1687162347.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1683707655.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1662774265.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1685103850.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000000.00000003.1659197675.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: wp-cent.exe, 00000001.00000002.2117860247.00007FFE013D0000.00000002.00000001.01000000.00000014.sdmp, wp-cent.exe, 00000001.00000002.2113418433.00007FFDFA604000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: https://www.openssl.org/H
Source: wp-cent.exe, 00000001.00000003.1722756246.00000193781A4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1722489604.000001937850D000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2101783704.000001937850D000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1723661754.000001937850D000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1721752184.000001937850D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727471039.0000019378B6C000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1724948002.0000019378B58000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1726404603.0000019378B73000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/
Source: wp-cent.exe, 00000001.00000002.2115891551.00007FFDFB888000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: https://www.python.org/psf/license/)
Source: wp-cent.exe, 00000001.00000003.1726171682.0000019378880000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378870000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727711277.000001937887C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/0
Source: wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: wp-cent.exe, 00000001.00000003.1725093384.0000019378A20000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727085420.0000019378A20000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.000001937897C000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1726171682.000001937897C000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378A1C000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727711277.000001937897C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yahoo.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443

Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B685C00	0_2_00007FF62B685C00
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B686964	0_2_00007FF62B686964
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B6689E0	0_2_00007FF62B6689E0
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B6808C8	0_2_00007FF62B6808C8
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B661000	0_2_00007FF62B661000
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B66ACAD	0_2_00007FF62B66ACAD
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B66A474	0_2_00007FF62B66A474
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B675D30	0_2_00007FF62B675D30
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B671B50	0_2_00007FF62B671B50
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B686418	0_2_00007FF62B686418
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B6808C8	0_2_00007FF62B6808C8
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B672C10	0_2_00007FF62B672C10
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B683C10	0_2_00007FF62B683C10
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B67DA5C	0_2_00007FF62B67DA5C
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B66A2DB	0_2_00007FF62B66A2DB
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B6739A4	0_2_00007FF62B6739A4
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B672164	0_2_00007FF62B672164
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B671944	0_2_00007FF62B671944
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B6840AC	0_2_00007FF62B6840AC
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B681874	0_2_00007FF62B681874
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B6780E4	0_2_00007FF62B6780E4
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B678794	0_2_00007FF62B678794
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B671F60	0_2_00007FF62B671F60
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B671740	0_2_00007FF62B671740
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B669800	0_2_00007FF62B669800
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B679EA0	0_2_00007FF62B679EA0
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B685E7C	0_2_00007FF62B685E7C
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B689728	0_2_00007FF62B689728
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B67DEF0	0_2_00007FF62B67DEF0
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B6735A0	0_2_00007FF62B6735A0
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B67E570	0_2_00007FF62B67E570
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B671D54	0_2_00007FF62B671D54
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 1_2_00007FF62B686964	1_2_00007FF62B686964
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 1_2_00007FF62B661000	1_2_00007FF62B661000
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 1_2_00007FF62B66ACAD	1_2_00007FF62B66ACAD
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 1_2_00007FF62B66A474	1_2_00007FF62B66A474
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 1_2_00007FF62B675D30	1_2_00007FF62B675D30
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 1_2_00007FF62B671B50	1_2_00007FF62B671B50
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 1_2_00007FF62B686418	1_2_00007FF62B686418
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 1_2_00007FF62B6808C8	1_2_00007FF62B6808C8
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 1_2_00007FF62B672C10	1_2_00007FF62B672C10
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 1_2_00007FF62B683C10	1_2_00007FF62B683C10
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 1_2_00007FF62B685C00	1_2_00007FF62B685C00
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 1_2_00007FF62B67DA5C	1_2_00007FF62B67DA5C
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 1_2_00007FF62B66A2DB	1_2_00007FF62B66A2DB

Source: C:\Users\user\Desktop\wp-cent.exe

Code function: String function: 00007FF62B662710 appears 86 times

Source: C:\Users\user\Desktop\wp-cent.exe

Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7536 -s 980

Source: unicodedata.pyd.0.dr

Static PE information: Resource name: RT_VERSION type: COM executable for DOS

Source: python3.dll.0.dr

Static PE information: No import functions for PE file found

Source: wp-cent.exe, 00000000.00000003.1684122407.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqico.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1657823281.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5Core.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1687331856.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqwindowsvistastyle.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1665090203.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5WebSockets.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1670087258.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1666997016.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1660590364.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5Gui.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1664930402.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5Svg.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1661958900.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5Network.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1683927697.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqgif.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1657007278.0000020B0DEA1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp140.dllT vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1684621996.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqtga.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1684769071.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqtiff.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1669703436.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1669703436.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibEGL.dll. vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1663561843.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5QmlModels.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1687162347.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqxdgdesktopportal.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1683707655.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqtuiotouchplugin.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1662774265.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5Qml.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1685103850.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqwebp.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1659197675.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQt5DBus.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1683831088.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqsvgicon.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1686704864.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqwindows.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1686177264.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqwebgl.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1685530841.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqminimal.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1684028473.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqicns.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1684972855.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqwbmp.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1657238199.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp140_1.dllT vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1666864223.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1684499010.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqsvg.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1684291952.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqjpeg.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000000.00000003.1685894397.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameqoffscreen.dll( vs wp-cent.exe
Source: wp-cent.exe	Binary or memory string: OriginalFilename vs wp-cent.exe
Source: wp-cent.exe, 00000001.00000002.2122498402.00007FFE148E6000.00000002.00000001.01000000.0000000E.sdmp	Binary or memory string: OriginalFilenamemsvcp140_1.dllT vs wp-cent.exe
Source: wp-cent.exe, 00000001.00000002.2120920460.00007FFE120C6000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: OriginalFilename_queue.pyd. vs wp-cent.exe
Source: wp-cent.exe, 00000001.00000002.2117655095.00007FFE0082C000.00000002.00000001.01000000.0000001A.sdmp	Binary or memory string: OriginalFilenameunicodedata.pyd. vs wp-cent.exe
Source: wp-cent.exe, 00000001.00000002.2100962151.0000019376620000.00000002.00000001.01000000.00000006.sdmp	Binary or memory string: OriginalFilenamepython3.dll. vs wp-cent.exe
Source: wp-cent.exe, 00000001.00000002.2120439286.00007FFE11EE3000.00000002.00000001.01000000.0000000A.sdmp	Binary or memory string: OriginalFilename_lzma.pyd. vs wp-cent.exe
Source: wp-cent.exe, 00000001.00000002.2117860247.00007FFE013D0000.00000002.00000001.01000000.00000014.sdmp	Binary or memory string: OriginalFilenamelibsslH vs wp-cent.exe
Source: wp-cent.exe, 00000001.00000002.2122100650.00007FFE13209000.00000002.00000001.01000000.0000000F.sdmp	Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs wp-cent.exe
Source: wp-cent.exe, 00000001.00000002.2111886513.00007FFDF9B79000.00000002.00000001.01000000.0000001E.sdmp	Binary or memory string: OriginalFilenameQt5Gui.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000001.00000002.2122733096.00007FFE1A46E000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilename_ctypes.pyd. vs wp-cent.exe
Source: wp-cent.exe, 00000001.00000002.2116844678.00007FFDFBAC0000.00000002.00000001.01000000.00000004.sdmp	Binary or memory string: OriginalFilenamepython313.dll. vs wp-cent.exe
Source: wp-cent.exe, 00000001.00000002.2118545572.00007FFE0E182000.00000002.00000001.01000000.00000021.sdmp	Binary or memory string: OriginalFilenameqwindowsvistastyle.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000001.00000002.2119973505.00007FFE11EB3000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: OriginalFilename_socket.pyd. vs wp-cent.exe
Source: wp-cent.exe, 00000001.00000002.2117332202.00007FFE0055B000.00000002.00000001.01000000.00000020.sdmp	Binary or memory string: OriginalFilenameqwindows.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000001.00000002.2113418433.00007FFDFA604000.00000002.00000001.01000000.00000015.sdmp	Binary or memory string: OriginalFilenamelibcryptoH vs wp-cent.exe
Source: wp-cent.exe, 00000001.00000002.2121361295.00007FFE12E1D000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: OriginalFilename_hashlib.pyd. vs wp-cent.exe
Source: wp-cent.exe, 00000001.00000002.2122954865.00007FFE1A4BA000.00000002.00000001.01000000.00000005.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs wp-cent.exe
Source: wp-cent.exe, 00000001.00000002.2122294106.00007FFE13222000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: OriginalFilename_bz2.pyd. vs wp-cent.exe
Source: wp-cent.exe, 00000001.00000002.2118278561.00007FFE0146F000.00000002.00000001.01000000.0000000D.sdmp	Binary or memory string: OriginalFilenamemsvcp140.dllT vs wp-cent.exe
Source: wp-cent.exe, 00000001.00000002.2101471655.00000193781B3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameD3D10Warp.dllj% vs wp-cent.exe
Source: wp-cent.exe, 00000001.00000002.2121763574.00007FFE130C6000.00000002.00000001.01000000.00000012.sdmp	Binary or memory string: OriginalFilenameselect.pyd. vs wp-cent.exe
Source: wp-cent.exe, 00000001.00000002.2112465334.00007FFDFA0C3000.00000002.00000001.01000000.0000001D.sdmp	Binary or memory string: OriginalFilenameQt5Widgets.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000001.00000002.2115027496.00007FFDFB190000.00000002.00000001.01000000.0000000C.sdmp	Binary or memory string: OriginalFilenameQt5Core.dll( vs wp-cent.exe
Source: wp-cent.exe, 00000001.00000002.2119212703.00007FFE1026A000.00000002.00000001.01000000.00000013.sdmp	Binary or memory string: OriginalFilename_ssl.pyd. vs wp-cent.exe

Source: Qt5Core.dll.0.dr

Static PE information: Section: .qtmimed ZLIB complexity 0.997458770800317

Source: classification engine

Classification label: mal64.troj.spyw.evad.winEXE@13/142@1/1

Source: C:\Users\user\Desktop\wp-cent.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7768:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7620:120:WilError_03
Source: C:\Windows\System32\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7536

Source: C:\Users\user\Desktop\wp-cent.exe

File created: C:\Users\user\AppData\Local\Temp\_MEI74762

Jump to behavior

Source: wp-cent.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\Desktop\wp-cent.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\wp-cent.exe

File read: C:\Users\user\Desktop\wp-cent.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\wp-cent.exe "C:\Users\user\Desktop\wp-cent.exe"
Source: C:\Users\user\Desktop\wp-cent.exe	Process created: C:\Users\user\Desktop\wp-cent.exe "C:\Users\user\Desktop\wp-cent.exe"
Source: C:\Users\user\Desktop\wp-cent.exe	Process created: C:\Windows\System32\systeminfo.exe systeminfo
Source: C:\Windows\System32\systeminfo.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\systeminfo.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Users\user\Desktop\wp-cent.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get manufacturer
Source: C:\Users\user\Desktop\wp-cent.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7536 -s 980
Source: C:\Users\user\Desktop\wp-cent.exe	Process created: C:\Users\user\Desktop\wp-cent.exe "C:\Users\user\Desktop\wp-cent.exe"	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Process created: C:\Windows\System32\systeminfo.exe systeminfo	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get manufacturer	Jump to behavior

Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: libffi-8.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: qt5core.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: msvcp140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: libcrypto-3.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: libssl-3.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: libcrypto-3.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: pdh.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: qt5widgets.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: qt5gui.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: qt5gui.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: esscli.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sxs.dll	Jump to behavior

Source: C:\Users\user\Desktop\wp-cent.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\wp-cent.exe

Process created: C:\Windows\System32\systeminfo.exe systeminfo

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: wp-cent.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: wp-cent.exe

Static file information: File size 38727845 > 1048576

Source: wp-cent.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: wp-cent.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: wp-cent.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: wp-cent.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: wp-cent.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: wp-cent.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: wp-cent.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source: wp-cent.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdbBB source: wp-cent.exe, 00000000.00000003.1684769071.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\platformthemes\qxdgdesktopportal.pdb source: wp-cent.exe, 00000000.00000003.1687162347.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\plugins\iconengines\qsvgicon.pdb source: wp-cent.exe, 00000000.00000003.1683831088.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtsvg\plugins\imageformats\qsvg.pdb source: wp-cent.exe, 00000000.00000003.1684499010.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: wp-cent.exe, 00000001.00000002.2117452508.00007FFE00827000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\msvcp140_1.amd64.pdb source: wp-cent.exe, 00000000.00000003.1657238199.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2122446731.00007FFE148E3000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: D:\a\1\b\libcrypto-3.pdb\| source: wp-cent.exe, 00000001.00000002.2113080912.00007FFDFA55A000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\generic\qtuiotouchplugin.pdb source: wp-cent.exe, 00000000.00000003.1683707655.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\libssl-3.pdbDD source: wp-cent.exe, 00000001.00000002.2117792891.00007FFE01395000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdb source: wp-cent.exe, 00000001.00000002.2114688112.00007FFDFB0B6000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: wp-cent.exe, 00000001.00000002.2118141429.00007FFE01435000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: wp-cent.exe, 00000000.00000003.1684122407.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtiff.pdb source: wp-cent.exe, 00000000.00000003.1684769071.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qgif.pdb source: wp-cent.exe, 00000000.00000003.1683927697.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"OpenSSL 3.0.15 3 Sep 20243.0.15built on: Wed Sep 4 15:52:04 2024 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availableget_and_lock..\s\crypto\ex_data.cossl_crypto_get_ex_new_index_exossl_crypto_new_ex_data_exCRYPTO_dup_ex_dataCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8..\s\crypto\getenv.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificC:\Program Files\Common Files\SSLC:\Program Files\OpenSSL\lib\ossl-modules.dllCPUINFO: ..\s\crypto\init.cOPENSSL_init_cryptoOPENSSL_atexit..\s\crypto\initthread.c..\s\crypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL \|\| WITHIN_ARENA(temp->next)assertion failed: (char *)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) \|\| WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/0123456789ABCDEFCRYPTO_memdup..\s\crypto\o_str.chexstr2buf_sepossl_hexstr2buf_sepbuf2hexstr_sepossl_buf2hexstr_sep..\s\crypto\packet.cwpacket_intern_init_lenWPACKET_start_sub_packet_len__..\s\crypto\param_build.cparam_pushparam_push_numOSSL_PARAM_BLD_push_BN_padNegative big numbers are unsupported for OSSL_PARAMOSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_p
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qtga.pdb source: wp-cent.exe, 00000000.00000003.1684621996.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: wp-cent.exe, 00000001.00000002.2113080912.00007FFDFA4C2000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: wp-cent.exe, 00000001.00000002.2122861507.00007FFE1A4B4000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: wp-cent.exe, 00000001.00000002.2122861507.00007FFE1A4B4000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: D:\a\1\b\libcrypto-3.pdb source: wp-cent.exe, 00000001.00000002.2113080912.00007FFDFA55A000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: wp-cent.exe, 00000000.00000003.1666997016.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2121978456.00007FFE13205000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qicns.pdb source: wp-cent.exe, 00000000.00000003.1684028473.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\select.pdb source: wp-cent.exe, 00000001.00000002.2121602719.00007FFE130C3000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb%% source: wp-cent.exe, 00000001.00000002.2118452224.00007FFE0E177000.00000002.00000001.01000000.00000021.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\styles\qwindowsvistastyle.pdb source: wp-cent.exe, 00000001.00000002.2118452224.00007FFE0E177000.00000002.00000001.01000000.00000021.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: wp-cent.exe, 00000001.00000002.2122633721.00007FFE1A463000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwebp.pdb source: qwebp.dll.0.dr
Source:	Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: wp-cent.exe, 00000001.00000002.2121200623.00007FFE12E16000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\imageformats\qico.pdb source: wp-cent.exe, 00000000.00000003.1684122407.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: wp-cent.exe, 00000001.00000002.2120167705.00007FFE11EDB000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\generic\qtuiotouchplugin.pdb source: wp-cent.exe, 00000000.00000003.1683707655.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Core.pdbT source: wp-cent.exe, 00000001.00000002.2114688112.00007FFDFB0B6000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: wp-cent.exe, 00000001.00000002.2120761537.00007FFE120C3000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Gui.pdb source: wp-cent.exe, 00000001.00000002.2111561833.00007FFDF98FA000.00000002.00000001.01000000.0000001E.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: wp-cent.exe, 00000001.00000002.2120167705.00007FFE11EDB000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: wp-cent.exe, 00000001.00000002.2122214479.00007FFE1321D000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\Qt5Widgets.pdb source: wp-cent.exe, 00000001.00000002.2112222114.00007FFDF9EFA000.00000002.00000001.01000000.0000001D.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\plugins\platforms\qwindows.pdb source: wp-cent.exe, 00000001.00000002.2117124373.00007FFE004F4000.00000002.00000001.01000000.00000020.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: wp-cent.exe, 00000001.00000002.2119883818.00007FFE11EA9000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtimageformats\plugins\imageformats\qwbmp.pdb source: wp-cent.exe, 00000000.00000003.1684972855.0000020B0DEA5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\python3.pdb source: wp-cent.exe, 00000001.00000002.2100962151.0000019376620000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: C:\Users\qt\work\qt\qtbase\lib\libEGL.pdb source: wp-cent.exe, 00000000.00000003.1669703436.0000020B0DEA4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\python313.pdb source: wp-cent.exe, 00000001.00000002.2115891551.00007FFDFB888000.00000002.00000001.01000000.00000004.sdmp
Source:	Binary string: D:\a\1\b\libssl-3.pdb source: wp-cent.exe, 00000001.00000002.2117792891.00007FFE01395000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: wp-cent.exe, 00000000.00000003.1666864223.0000020B0DEA3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: wp-cent.exe, 00000001.00000002.2118970994.00007FFE1024E000.00000002.00000001.01000000.00000013.sdmp

Source: wp-cent.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: wp-cent.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: wp-cent.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: wp-cent.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: wp-cent.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: VCRUNTIME140.dll.0.dr

Static PE information: 0x78BDDED1 [Sat Mar 11 17:01:05 2034 UTC]

Source: VCRUNTIME140.dll.0.dr	Static PE information: section name: fothk
Source: VCRUNTIME140.dll.0.dr	Static PE information: section name: _RDATA
Source: VCRUNTIME140.dll0.0.dr	Static PE information: section name: _RDATA
Source: opengl32sw.dll.0.dr	Static PE information: section name: _RDATA
Source: qtuiotouchplugin.dll.0.dr	Static PE information: section name: .qtmetad
Source: qsvgicon.dll.0.dr	Static PE information: section name: .qtmetad
Source: MSVCP140.dll.0.dr	Static PE information: section name: .didat
Source: Qt5Core.dll.0.dr	Static PE information: section name: .qtmimed
Source: libcrypto-3.dll.0.dr	Static PE information: section name: .00cfg
Source: qgif.dll.0.dr	Static PE information: section name: .qtmetad
Source: qicns.dll.0.dr	Static PE information: section name: .qtmetad
Source: qico.dll.0.dr	Static PE information: section name: .qtmetad
Source: qjpeg.dll.0.dr	Static PE information: section name: .qtmetad
Source: qsvg.dll.0.dr	Static PE information: section name: .qtmetad
Source: qtga.dll.0.dr	Static PE information: section name: .qtmetad
Source: qtiff.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwbmp.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwebp.dll.0.dr	Static PE information: section name: .qtmetad
Source: qminimal.dll.0.dr	Static PE information: section name: .qtmetad
Source: libssl-3.dll.0.dr	Static PE information: section name: .00cfg
Source: python313.dll.0.dr	Static PE information: section name: PyRuntim
Source: qoffscreen.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwebgl.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwindows.dll.0.dr	Static PE information: section name: .qtmetad
Source: qxdgdesktopportal.dll.0.dr	Static PE information: section name: .qtmetad
Source: qwindowsvistastyle.dll.0.dr	Static PE information: section name: .qtmetad

Persistence and Installation Behavior

Found pyInstaller with non standard icon

Source: C:\Users\user\Desktop\wp-cent.exe

Process created: "C:\Users\user\Desktop\wp-cent.exe"

Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\python313.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\VCRUNTIME140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\platforms\qminimal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Svg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\psutil\_psutil_windows.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\python3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\_wmi.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qgif.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\QtCore.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Quick.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Qml.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\charset_normalizer\md.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qwbmp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qwebp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\libcrypto-3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\sip.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\QtGui.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Widgets.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qtiff.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\opengl32sw.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qtga.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5QmlModels.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\MSVCP140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\QtWidgets.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\platforms\qwebgl.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\VCRUNTIME140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5DBus.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Network.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\iconengines\qsvgicon.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\MSVCP140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\charset_normalizer\md__mypyc.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\VCRUNTIME140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qsvg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\platforms\qoffscreen.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qico.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\VCRUNTIME140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qicns.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\libssl-3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5WebSockets.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Gui.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qjpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\platforms\qwindows.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Core.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI74762\libffi-8.dll	Jump to dropped file

Source: C:\Users\user\Desktop\wp-cent.exe

Code function: 0_2_00007FF62B665830 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,

0_2_00007FF62B665830

Source: C:\Users\user\Desktop\wp-cent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\systeminfo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Windows\System32\systeminfo.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapter

Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\python313.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\platforms\qminimal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Svg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\psutil\_psutil_windows.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\python3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\_wmi.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qgif.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Quick.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\QtCore.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Qml.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\charset_normalizer\md.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qwbmp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qwebp.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\sip.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\QtGui.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qtiff.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qtga.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\opengl32sw.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5QmlModels.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\QtWidgets.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\platforms\qwebgl.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Network.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5DBus.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\iconengines\qsvgicon.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\charset_normalizer\md__mypyc.cp313-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qsvg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\platforms\qoffscreen.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qico.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qicns.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5WebSockets.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qjpeg.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\platforms\qwindows.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Desktop\wp-cent.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI74762\_ctypes.pyd	Jump to dropped file

Source: C:\Users\user\Desktop\wp-cent.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_0-17221

Source: C:\Windows\System32\systeminfo.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS

Source: C:\Windows\System32\wbem\WMIC.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer FROM Win32_ComputerSystem

Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B6683C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	0_2_00007FF62B6683C0
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B669280 FindFirstFileExW,FindClose,	0_2_00007FF62B669280
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B681874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00007FF62B681874
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 1_2_00007FF62B669280 FindFirstFileExW,FindClose,	1_2_00007FF62B669280
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 1_2_00007FF62B6683C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	1_2_00007FF62B6683C0

Source: C:\Windows\System32\WerFault.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI74762\	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	File opened: C:\Users\user\	Jump to behavior

Source: wp-cent.exe, 00000001.00000002.2103518474.0000019378760000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: fQEMU
Source: wp-cent.exe, 00000001.00000003.1722489604.0000019378638000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1723661754.0000019378638000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1721752184.0000019378611000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: QEMUr
Source: wp-cent.exe, 00000001.00000002.2109887979.0000019379B20000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: :a;&HgfsetAccessibleName
Source: wp-cent.exe, 00000001.00000003.1723020047.00000193788D2000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1726171682.00000193788C6000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1723542694.00000193788D2000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727711277.00000193788C6000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.00000193788C6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: wp-cent.exe, 00000001.00000003.1723020047.000001937889D000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1723542694.000001937889B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWJI:z
Source: wp-cent.exe, 00000001.00000002.2108833913.000001937938F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V Requirements: VM Monitor Mode Extensions: No
Source: wp-cent.exe, 00000001.00000002.2111798923.00007FFDF9B68000.00000008.00000001.01000000.0000001E.sdmp	Binary or memory string: .?AVQEmulationPaintEngine@@

Source: C:\Users\user\Desktop\wp-cent.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\wp-cent.exe

Code function: 0_2_00007FF62B66D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FF62B66D12C

Source: C:\Users\user\Desktop\wp-cent.exe

Code function: 0_2_00007FF62B683480 GetProcessHeap,

0_2_00007FF62B683480

Source: C:\Users\user\Desktop\wp-cent.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B66D30C SetUnhandledExceptionFilter,	0_2_00007FF62B66D30C
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B66C8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00007FF62B66C8A0
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B66D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF62B66D12C
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 0_2_00007FF62B67A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF62B67A614
Source: C:\Users\user\Desktop\wp-cent.exe	Code function: 1_2_00007FF62B66D30C SetUnhandledExceptionFilter,	1_2_00007FF62B66D30C

Source: C:\Users\user\Desktop\wp-cent.exe	Process created: C:\Users\user\Desktop\wp-cent.exe "C:\Users\user\Desktop\wp-cent.exe"	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Process created: C:\Windows\System32\systeminfo.exe systeminfo	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get manufacturer	Jump to behavior

Source: C:\Users\user\Desktop\wp-cent.exe

Code function: 0_2_00007FF62B689570 cpuid

0_2_00007FF62B689570

Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\platforms VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\certifi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\_ctypes.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\_bz2.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\_lzma.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\QtCore.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\sip.cp313-win_amd64.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\_socket.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\select.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\_hashlib.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\_queue.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\charset_normalizer\md.cp313-win_amd64.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\charset_normalizer VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\charset_normalizer\md__mypyc.cp313-win_amd64.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\unicodedata.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\certifi VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\psutil VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\psutil VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\psutil VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\psutil\_psutil_windows.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\QtWidgets.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\QtGui.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\platforms\qminimal.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\Desktop\wp-cent.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\wp-cent.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI74762 VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\wp-cent.exe

Code function: 0_2_00007FF62B66D010 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF62B66D010

Source: C:\Users\user\Desktop\wp-cent.exe

Code function: 0_2_00007FF62B685C00 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,

0_2_00007FF62B685C00

Stealing of Sensitive Information

Yara detected Python BackDoor

Source: Yara match	File source: 00000001.00000003.1722489604.0000019378638000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.1723661754.0000019378638000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2101783704.0000019378638000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.1721752184.0000019378611000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: wp-cent.exe PID: 7536, type: MEMORYSTR

Opens network shares

Source: C:\Users\user\Desktop\wp-cent.exe

File opened: \\Mac\shared\projects\loader\src\dropper\src\tmp\_main.py

Jump to behavior

Remote Access Functionality

Yara detected Python BackDoor

Source: Yara match	File source: 00000001.00000003.1722489604.0000019378638000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.1723661754.0000019378638000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2101783704.0000019378638000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.1721752184.0000019378611000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: wp-cent.exe PID: 7536, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	131 Windows Management Instrumentation	1 DLL Side-Loading	11 Process Injection	12 Virtualization/Sandbox Evasion	OS Credential Dumping	1 Network Share Discovery	Remote Services	1 Archive Collected Data	12 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	Boot or Logon Initialization Scripts	1 DLL Side-Loading	11 Process Injection	LSASS Memory	2 System Time Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	141 Security Software Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Obfuscated Files or Information	NTDS	12 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Software Packing	LSA Secrets	1 Process Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Timestomp	Cached Domain Credentials	2 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	44 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
wp-cent.exe	6%	ReversingLabs	Win64.Malware.Generic

Dropped Files

Source	Detection	Scanner
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\MSVCP140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\MSVCP140_1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Core.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5DBus.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Gui.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Network.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Qml.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5QmlModels.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Quick.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Svg.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5WebSockets.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Widgets.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\VCRUNTIME140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\VCRUNTIME140_1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\d3dcompiler_47.dll	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\libEGL.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\libGLESv2.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\opengl32sw.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\iconengines\qsvgicon.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qgif.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qicns.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qico.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qjpeg.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qsvg.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qtga.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qtiff.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qwbmp.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qwebp.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\platforms\qminimal.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\platforms\qoffscreen.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\platforms\qwebgl.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\platforms\qwindows.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\QtCore.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\QtGui.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\QtWidgets.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\sip.cp313-win_amd64.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\VCRUNTIME140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\VCRUNTIME140_1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\_bz2.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\_ctypes.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\_decimal.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\_hashlib.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\_lzma.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\_queue.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\_socket.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\_ssl.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\_wmi.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\charset_normalizer\md.cp313-win_amd64.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\charset_normalizer\md__mypyc.cp313-win_amd64.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\libcrypto-3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\libffi-8.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI74762\libssl-3.dll	0%	ReversingLabs

Name	IP	Active	Malicious	Antivirus Detection	Reputation
nodejs.org	104.20.22.46	true	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://google.com/	wp-cent.exe, 00000001.00000002.2101783704.0000019378638000.00000004.00000020.00020000.00000000.sdmp	false	high
https://mahler:8092/site-updates.py	wp-cent.exe, 00000001.00000002.2104387744.0000019378B5B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727471039.0000019378B6C000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1724948002.0000019378B58000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1726404603.0000019378B73000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	false	high
http://crl.securetrust.com/SGCA.crl	wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	false	high
https://github.com/giampaolo/psutil/issues/875.	wp-cent.exe, 00000001.00000002.2109444876.00000193799F4000.00000004.00001000.00020000.00000000.sdmp	false	high
http://.../back.jpeg	wp-cent.exe, 00000001.00000002.2107906397.0000019378FC0000.00000004.00001000.00020000.00000000.sdmp	false	high
https://tools.ietf.org/html/rfc7231#section-4.3.6)	wp-cent.exe, 00000001.00000003.1722739316.00000193789B1000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1722489604.0000019378638000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1723661754.0000019378638000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2101783704.0000019378638000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1722489604.00000193784C8000.00000004.00000020.00020000.00000000.sdmp	false	high
https://httpbin.org/post	wp-cent.exe, 00000001.00000003.1722756246.00000193781A4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1722489604.000001937850D000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2101783704.000001937850D000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1723661754.000001937850D000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1721752184.000001937850D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source	wp-cent.exe, 00000001.00000002.2101199544.0000019377FA4000.00000004.00001000.00020000.00000000.sdmp	false	high
https://github.com/Ousret/charset_normalizer	wp-cent.exe, 00000001.00000003.1726615596.0000019378ADB000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1725093384.0000019378ADB000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
http://www.firmaprofesional.com/cps0	wp-cent.exe, 00000001.00000002.2101783704.0000019378620000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	false	high
http://repository.swisssign.com/0	wp-cent.exe, 00000001.00000002.2104387744.0000019378A1C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec	wp-cent.exe, 00000001.00000002.2101199544.0000019377F20000.00000004.00001000.00020000.00000000.sdmp	false	high
https://nodejs.org/dist/v22.11.0/node-v22.11.0-win-x64.zip	wp-cent.exe, 00000001.00000002.2103518474.0000019378760000.00000004.00001000.00020000.00000000.sdmp	false	high
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#	wp-cent.exe, 00000001.00000002.2100986063.0000019376719000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1719796534.0000019378146000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1720409653.0000019378149000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1719985516.0000019378150000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1718570937.0000019376768000.00000004.00000020.00020000.00000000.sdmp	false	high
https://github.com/urllib3/urllib3/issues/2920	wp-cent.exe, 00000001.00000002.2107723643.0000019378E90000.00000004.00001000.00020000.00000000.sdmp	false	high
http://crl.securetrust.com/SGCA.crl0	wp-cent.exe, 00000001.00000002.2104387744.0000019378870000.00000004.00000020.00020000.00000000.sdmp	false	high
https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data	wp-cent.exe, 00000001.00000002.2100986063.0000019376719000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1718570937.0000019376768000.00000004.00000020.00020000.00000000.sdmp	false	high
https://yahoo.com/	wp-cent.exe, 00000001.00000003.1725093384.0000019378A20000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727085420.0000019378A20000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.000001937897C000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1726171682.000001937897C000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378A1C000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727711277.000001937897C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://packaging.python.org/en/latest/specifications/recording-installed-packages/#the-record-file	wp-cent.exe, 00000001.00000003.1726171682.0000019378880000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378870000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727711277.000001937887C000.00000004.00000020.00020000.00000000.sdmp	false	high
http://crl.securetrust.com/STCA.crl0	wp-cent.exe, 00000001.00000002.2104387744.0000019378870000.00000004.00000020.00020000.00000000.sdmp	false	high
http://goo.gl/zeJZl.	wp-cent.exe, 00000001.00000002.2108102272.00000193791B0000.00000004.00001000.00020000.00000000.sdmp	false	high
https://tools.ietf.org/html/rfc2388#section-4.4	wp-cent.exe, 00000001.00000003.1726171682.0000019378880000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378870000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727711277.000001937887C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64	wp-cent.exe, 00000001.00000003.1723661754.0000019378638000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2101783704.0000019378638000.00000004.00000020.00020000.00000000.sdmp	false	high
http://repository.swisssign.com/_	wp-cent.exe, 00000001.00000002.2104387744.0000019378AE3000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6	wp-cent.exe, 00000001.00000003.1726171682.0000019378880000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378870000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727711277.000001937887C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://packaging.python.org/en/latest/specifications/entry-points/#file-format	wp-cent.exe, 00000001.00000003.1726171682.0000019378880000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378870000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727711277.000001937887C000.00000004.00000020.00020000.00000000.sdmp	false	high
http://crl.xrampsecurity.com/XGCA.crlf	wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	false	high
https://html.spec.whatwg.org/multipage/	wp-cent.exe, 00000001.00000003.1725093384.0000019378A20000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727085420.0000019378A20000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378A1C000.00000004.00000020.00020000.00000000.sdmp	false	high
http://www.quovadisglobal.com/cps0	wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	false	high
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl	wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	false	high
https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings	wp-cent.exe, 00000001.00000002.2107409956.0000019378D90000.00000004.00001000.00020000.00000000.sdmp	false	high
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0	wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.rfc-editor.org/rfc/rfc8259#section-8.1	wp-cent.exe, 00000001.00000003.1726171682.0000019378880000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378870000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727711277.000001937887C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963	wp-cent.exe, 00000001.00000002.2107270880.0000019378C70000.00000004.00001000.00020000.00000000.sdmp	false	high
https://requests.readthedocs.io	wp-cent.exe, 00000001.00000002.2108102272.0000019379140000.00000004.00001000.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1721752184.000001937850D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://peps.python.org/pep-0205/	wp-cent.exe, 00000001.00000002.2102768762.0000019378660000.00000004.00001000.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1718367257.0000019378121000.00000004.00000020.00020000.00000000.sdmp	false	high
http://crl.dhimyotis.com/certignarootca.crl	wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	false	high
http://curl.haxx.se/rfc/cookie_spec.html	wp-cent.exe, 00000001.00000002.2107906397.0000019378FC0000.00000004.00001000.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1724948002.0000019378B58000.00000004.00000020.00020000.00000000.sdmp	false	high
http://ocsp.accv.es	wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	false	high
https://wwww.certigna.fr/autorites/0	wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://repository.swisssign.com/	wp-cent.exe, 00000001.00000002.2104387744.0000019378A1C000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.000001937899E000.00000004.00000020.00020000.00000000.sdmp	false	high
https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename	wp-cent.exe, 00000001.00000002.2101199544.0000019377F20000.00000004.00001000.00020000.00000000.sdmp	false	high
https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy	wp-cent.exe, 00000001.00000002.2107409956.0000019378D90000.00000004.00001000.00020000.00000000.sdmp	false	high
https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688	wp-cent.exe, 00000001.00000002.2101199544.0000019377FA4000.00000004.00001000.00020000.00000000.sdmp	false	high
https://httpbin.org/get	wp-cent.exe, 00000001.00000002.2108102272.00000193790F0000.00000004.00001000.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2108102272.0000019379140000.00000004.00001000.00020000.00000000.sdmp	false	high
http://crl.xrampsecurity.com/XGCA.crl	wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.python.org	wp-cent.exe, 00000001.00000003.1722756246.00000193781A4000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1722489604.000001937850D000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2101783704.000001937850D000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1723661754.000001937850D000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1721752184.000001937850D000.00000004.00000020.00020000.00000000.sdmp	false	high
http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/	wp-cent.exe, 00000001.00000003.1725093384.0000019378A20000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727085420.0000019378A20000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378A1C000.00000004.00000020.00020000.00000000.sdmp	false	high
http://ocsp.accv.es:	wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://www.accv.es/legislacion_c.htm0U	wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	false	high
http://www.aiim.org/pdfa/ns/id/	wp-cent.exe, 00000001.00000002.2111561833.00007FFDF98FA000.00000002.00000001.01000000.0000001E.sdmp	false	high
https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code	wp-cent.exe, 00000001.00000002.2101199544.0000019377F20000.00000004.00001000.00020000.00000000.sdmp	false	high
https://wwww.certigna.fr/autorites/0m	wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	false	high
http://ocsp.accv.es0	wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.python.org/	wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727471039.0000019378B6C000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1724948002.0000019378B58000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1726404603.0000019378B73000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	false	high
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader	wp-cent.exe, 00000001.00000002.2100986063.0000019376719000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1719796534.0000019378146000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1720409653.0000019378149000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1719985516.0000019378150000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1718570937.0000019376768000.00000004.00000020.00020000.00000000.sdmp	false	high
https://github.com/python/cpython/issues/86361.	wp-cent.exe, 00000001.00000003.1721019637.00000193785B8000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2101783704.0000019378460000.00000004.00000020.00020000.00000000.sdmp	false	high
https://json.org	wp-cent.exe, 00000001.00000003.1727711277.000001937887C000.00000004.00000020.00020000.00000000.sdmp	false	high
http://mail.python.org/pipermail/python-dev/2012-June/120787.html.	wp-cent.exe, 00000001.00000002.2107906397.0000019378FC0000.00000004.00001000.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2101783704.0000019378460000.00000004.00000020.00020000.00000000.sdmp	false	high
https://httpbin.org/	wp-cent.exe, 00000001.00000002.2104387744.0000019378AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
https://wwww.certigna.fr/autorites/	wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	false	high
https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module	wp-cent.exe, 00000001.00000002.2101199544.0000019377F20000.00000004.00001000.00020000.00000000.sdmp	false	high
https://docs.python.org/3/howto/mro.html.	wp-cent.exe, 00000001.00000002.2101665439.0000019378360000.00000004.00001000.00020000.00000000.sdmp	false	high
https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package	wp-cent.exe, 00000001.00000002.2101199544.0000019377F20000.00000004.00001000.00020000.00000000.sdmp	false	high
https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches	wp-cent.exe, 00000001.00000002.2101199544.0000019377F20000.00000004.00001000.00020000.00000000.sdmp	false	high
https://twitter.com/	wp-cent.exe, 00000001.00000003.1725093384.0000019378A20000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1726615596.0000019378ADB000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1725093384.0000019378ADB000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
https://stackoverflow.com/questions/4457745#4457745.	wp-cent.exe, 00000001.00000002.2109444876.00000193799F4000.00000004.00001000.00020000.00000000.sdmp	false	high
http://www.color.org)	wp-cent.exe, 00000001.00000002.2111561833.00007FFDF98FA000.00000002.00000001.01000000.0000001E.sdmp	false	high
http://www.quovadisglobal.com/cps	wp-cent.exe, 00000001.00000002.2104387744.0000019378A1C000.00000004.00000020.00020000.00000000.sdmp	false	high
http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535	wp-cent.exe, 00000001.00000003.1726171682.00000193788C6000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727711277.00000193788C6000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2101783704.0000019378460000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.00000193788C6000.00000004.00000020.00020000.00000000.sdmp	false	high
https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module	wp-cent.exe, 00000001.00000002.2101199544.0000019377FA4000.00000004.00001000.00020000.00000000.sdmp	false	high
https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy	wp-cent.exe, 00000001.00000002.2100986063.0000019376719000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1718570937.0000019376768000.00000004.00000020.00020000.00000000.sdmp	false	high
https://google.com/	wp-cent.exe, 00000001.00000003.1725093384.0000019378A20000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727085420.0000019378A20000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.000001937897C000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1726171682.000001937897C000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1726615596.0000019378ADB000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378A1C000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727711277.000001937897C000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1725093384.0000019378ADB000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378AE3000.00000004.00000020.00020000.00000000.sdmp	false	high
https://google.com/mail/	wp-cent.exe, 00000001.00000002.2101783704.0000019378460000.00000004.00000020.00020000.00000000.sdmp	false	high
https://packaging.python.org/en/latest/specifications/core-metadata/#core-metadata	wp-cent.exe, 00000001.00000002.2107723643.0000019378E90000.00000004.00001000.00020000.00000000.sdmp	false	high
http://google.com/mail/	wp-cent.exe, 00000001.00000002.2101783704.0000019378638000.00000004.00000020.00020000.00000000.sdmp	false	high
http://crl.securetrust.com/STCA.crl	wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	false	high
http://wwwsearch.sf.net/):	wp-cent.exe, 00000001.00000003.1727638365.00000193789BB000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1725093384.00000193789C0000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1724948002.0000019378B58000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.000001937899E000.00000004.00000020.00020000.00000000.sdmp	false	high
https://github.com/python/importlib_metadata/wiki/Development-Methodology	wp-cent.exe, 00000001.00000002.2103518474.0000019378760000.00000004.00001000.00020000.00000000.sdmp	false	high
https://github.com/urllib3/urllib3/issues/3290	wp-cent.exe, 00000001.00000002.2107723643.0000019378E90000.00000004.00001000.00020000.00000000.sdmp	false	high
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0	wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	false	high
http://www.accv.es/legislacion_c.htm	wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	false	high
http://tools.ietf.org/html/rfc6125#section-6.4.3	wp-cent.exe, 00000001.00000003.1725093384.0000019378A20000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727085420.0000019378A20000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2107723643.0000019378E90000.00000004.00001000.00020000.00000000.sdmp	false	high
http://crl.xrampsecurity.com/XGCA.crl0	wp-cent.exe, 00000001.00000002.2104387744.0000019378A1C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.openssl.org/H	wp-cent.exe, 00000001.00000002.2117860247.00007FFE013D0000.00000002.00000001.01000000.00000014.sdmp, wp-cent.exe, 00000001.00000002.2113418433.00007FFDFA604000.00000002.00000001.01000000.00000015.sdmp	false	high
http://crl.certigna.fr/certignarootca.crl01	wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	false	high
http://www.cert.fnmt.es/dpcs/	wp-cent.exe, 00000001.00000002.2101783704.0000019378638000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	false	high
https://google.com/mail	wp-cent.exe, 00000001.00000003.1725093384.0000019378A20000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727085420.0000019378A20000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.000001937897C000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1726171682.000001937897C000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.0000019378A1C000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727711277.000001937897C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://packaging.python.org/specifications/entry-points/	wp-cent.exe, 00000001.00000002.2107409956.0000019378D90000.00000004.00001000.00020000.00000000.sdmp	false	high
http://www.accv.es00	wp-cent.exe, 00000001.00000002.2104387744.0000019378B7B000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1753436355.0000019378B75000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1752171067.0000019378B6B000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.python.org/psf/license/)	wp-cent.exe, 00000001.00000002.2115891551.00007FFDFB888000.00000002.00000001.01000000.00000004.sdmp	false	high
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py	wp-cent.exe, 00000001.00000003.1718570937.0000019376768000.00000004.00000020.00020000.00000000.sdmp	false	high
https://peps.python.org/pep-0263/	wp-cent.exe, 00000001.00000002.2115891551.00007FFDFB888000.00000002.00000001.01000000.00000004.sdmp	false	high
https://foss.heptapod.net/pypy/pypy/-/issues/3539	wp-cent.exe, 00000001.00000002.2107270880.0000019378C70000.00000004.00001000.00020000.00000000.sdmp	false	high
https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.	wp-cent.exe, 00000001.00000003.1726171682.00000193788C6000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000003.1727711277.00000193788C6000.00000004.00000020.00020000.00000000.sdmp, wp-cent.exe, 00000001.00000002.2104387744.00000193788C6000.00000004.00000020.00020000.00000000.sdmp	false	high
https://github.com/psf/requests/pull/6710	wp-cent.exe, 00000001.00000002.2108102272.0000019379140000.00000004.00001000.00020000.00000000.sdmp	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.20.22.46	nodejs.org	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1578474
Start date and time:	2024-12-19 19:19:10 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 20s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	wp-cent.exe
Detection:	MAL
Classification:	mal64.troj.spyw.evad.winEXE@13/142@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.189.173.21, 20.190.181.6, 20.109.210.53, 13.107.246.63
Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtProtectVirtualMemory calls found.
VT rate limit hit for: wp-cent.exe

Simulations

Behavior and APIs

Time	Type	Description
13:20:10	API Interceptor	1x Sleep call for process: wp-cent.exe modified
13:20:10	API Interceptor	1x Sleep call for process: WMIC.exe modified
13:20:44	API Interceptor	1x Sleep call for process: WerFault.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
104.20.22.46	WTvNL75dCr.exe	Get hash	malicious	Python BackDoor	Browse
	WTvNL75dCr.exe	Get hash	malicious	Python BackDoor	Browse
	wmdqEYgW2i.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse
	Bootstrapper.exe	Get hash	malicious	Unknown	Browse
	download.ps1	Get hash	malicious	Python BackDoor	Browse
	y3x8pjQ1Ci.exe	Get hash	malicious	Unknown	Browse
	download.ps1	Get hash	malicious	Unknown	Browse
	download.ps1	Get hash	malicious	Unknown	Browse
	download.ps1	Get hash	malicious	Unknown	Browse
	check.exe	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
nodejs.org	WTvNL75dCr.exe	Get hash	malicious	Python BackDoor	Browse	104.20.22.46
	WTvNL75dCr.exe	Get hash	malicious	Python BackDoor	Browse	104.20.22.46
	wmdqEYgW2i.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	104.20.22.46
	Bootstrapper.exe	Get hash	malicious	Unknown	Browse	104.20.22.46
	https://f29cc861.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exe	Get hash	malicious	HTMLPhisher	Browse	104.20.23.46
	download.ps1	Get hash	malicious	Python BackDoor	Browse	104.20.22.46
	y3x8pjQ1Ci.exe	Get hash	malicious	Unknown	Browse	104.20.22.46
	y3x8pjQ1Ci.exe	Get hash	malicious	Unknown	Browse	104.20.23.46
	download.ps1	Get hash	malicious	Unknown	Browse	104.20.22.46

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	(Lhambright)VWAV.html	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://usps.com-dscd.top/mum	Get hash	malicious	Unknown	Browse	172.67.202.68
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.21.67.146
	https://ap1s.net/Dm7jH	Get hash	malicious	Unknown	Browse	172.67.73.44
	EFT Remittance_(Dmorris)CQDM.html	Get hash	malicious	Unknown	Browse	104.17.25.14
	Timesheet ACH-Tbconsulting.November 16, 2024.html	Get hash	malicious	Unknown	Browse	172.66.47.118
	https://whtt.termlicari.ru/HnkNbg/	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://go.eu.sparkpostmail1.com/f/a/lgobNkIfvQXGgmbryxpFvQ~~/AAGCxAA~/RgRpPCorP0QoaHR0cHM6Ly9iZXJhemVsLmNvbS93ZWxsbmVzcy9zb3V0aC9pbmRleFcFc3BjZXVCCmdVK6VZZ3GvOmFSFmV0aGFubG9nYW40M0BnbWFpbC5jb21YBAAAAAE~#a3RhdHJvZUBob3VzaW5nY2VudGVyLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://gmail.net-login.com/Xb1Rnb3pKRC9CUEdpbldIVTREbHhIK1Vza1NvaWlrblBIbkN4aUdCZUt0Y2NlSGJiWmZ2d0M1dTB5dEpRbnRoVDdBVkFTcEJqWGowNVZycWJNWHlIUHlLOG1qS0FvemVPSXpFRFhGcUhmaVU1ekQwMklrVmM0QjVpNmhLaDdoY1I4UlhMcFo1TTJaSFhtaWpiWWFqWGZ5WEg4TnBiOUl4MDI1RFMyWStQRFoyNFo5UFZNUUpmWXBtaUg0Y0FjUG1jejdSVnFVOXJQL2VzdmNLM1lEaWtmRkZnZEk2Vi0tVHFIeU0vOWxTN01YVEtXbS0tTTh5Skh1eEtsc0xTT0J5Rzg2Q2ZJQT09?cid=2330416057%3EOpen	Get hash	malicious	KnowBe4	Browse	104.17.25.14
	https://pdf.ac/3eQ2md	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse	104.17.24.14

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\MSVCP140.dll	WTvNL75dCr.exe	Get hash	malicious	Python BackDoor	Browse
	WTvNL75dCr.exe	Get hash	malicious	Python BackDoor	Browse
	FileScanner.exe	Get hash	malicious	Unknown	Browse
	MacAttack.exe	Get hash	malicious	Unknown	Browse
	download.ps1	Get hash	malicious	Python BackDoor	Browse
	y3x8pjQ1Ci.exe	Get hash	malicious	Unknown	Browse
	y3x8pjQ1Ci.exe	Get hash	malicious	Unknown	Browse
	download.ps1	Get hash	malicious	Unknown	Browse
	download.ps1	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_wp-cent.exe_bc6629e2d5aa2b1cefa43aa42ca3b263bf7629_5d48ee1a_3749d6de-3c6c-41b0-9163-95175699e0dd\Report.wer

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.3521570660784863
Encrypted:	false
SSDEEP:	192:WISe96bR0YowrjoR7Zeuv9DnvwF16BPKgSLQdL1WSnUMwnC3MkPMtV8tv1SnYzu8:ce9WSYowrj0vwnS9RzuiFSY4lO8Y
MD5:	74C8057CCE3CD4AF5D1E3B797E1C0E3F
SHA1:	308681B03397204C95EBD2C59881926B01712BE5
SHA-256:	8511C5AE5CBC8D6B38B05449B41B64FCD961D1BBF4A6BE91AF318941A71B5C0A
SHA-512:	2C96AA9EBC05C5A50A36C88619F0D524628E81BAF5BE5B52239F9B71693611CE158C30183FFBD9159CD2903D6FA64AB7655E786E1104797621FB029BBA38046C
Malicious:	false
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.6.4.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.1.0.6.0.1.6.3.0.5.2.0.0.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.1.0.6.0.1.6.8.0.5.2.1.5.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.7.4.9.d.6.d.e.-.3.c.6.c.-.4.1.b.0.-.9.1.6.3.-.9.5.1.7.5.6.9.9.e.0.d.d.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.6.c.0.d.a.7.7.-.2.f.9.d.-.4.f.e.d.-.a.2.d.7.-.6.7.6.b.5.2.8.4.b.8.e.f.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.w.p.-.c.e.n.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.7.0.-.0.0.0.1.-.0.0.1.4.-.f.c.5.d.-.3.0.a.1.4.2.5.2.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.0.f.8.d.5.8.8.8.f.8.9.8.3.5.b.8.f.0.0.9.4.c.1.d.f.3.c.e.5.f.2.f.0.0.0.0.f.f.f.f.!.0.0.0.0.8.8.f.c.4.3.1.b.e.e.f.9.0.9.7.4.0.f.0.2.3.e.8.d.e.f.f.e.3.6.8.2.c.4.5.9.c.b.5.c.!.w.p.-.c.e.n.t...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.2././.1.8.:.0.7.:.2.9.:.3.7.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC690.tmp.dmp

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Thu Dec 19 18:20:16 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	133200
Entropy (8bit):	2.0266331980447405
Encrypted:	false
SSDEEP:	384:OQ09HsurHEVC3Q5xmUvIBptXsVVToneQQu1IWJbWHA4Q+Qqfq8QFDO7Gc79Ec:H0Bsurkiq3vQpRsV9DQQuYAdDO7Vxt
MD5:	EAF3044807E4309268B44BAC6C97868C
SHA1:	B253698DA9B6A0F20CF597B043C4BEC1C1AE8DB5
SHA-256:	2D283FD76277E6D556E593D638143370A85EF3C611D27C25F9080CD31EA47069
SHA-512:	AB956E0F10BEB1F678047D5F91BFA27B0207CAAFCB6B502FBA4C0FC1C5742F3CCAC958F674C01B7984FBB51D082532140A9A370F4EC84D75C282129917AB8A6C
Malicious:	false
Reputation:	low
Preview:	MDMP..a..... ........cdg............$............%..8.......$....-......$....\..........`.......8...........T............%..p............-.........../..............................................................................eJ......p0......Lw......................T.......p....cdg.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC7D9.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	9358
Entropy (8bit):	3.7036419706344303
Encrypted:	false
SSDEEP:	192:R6l7wVeJgjONV6YldVmkgmfXGpDM89bpEmfAjm:R6lXJKOX6YfVmkgmfXipFf5
MD5:	132799DBB7133F642BB1F7BE82DD6F4D
SHA1:	CF91781A7ED7C0E54067AE3C93EF7D503561A4AF
SHA-256:	3E9B8782C94A40AAC8E9CB36A34F892190EA1CA4D30230D10A96A5CA1B1D3104
SHA-512:	2C5F07133059C65456B39DB8C94E22B544721F7591367625C48D00014523AD35337276EDC9EA6D263DDA297F29A61F0FE9FBACC67A0E40DFF1A24FF6055DDB21
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.5.3.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC7F9.tmp.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4744
Entropy (8bit):	4.433476172803282
Encrypted:	false
SSDEEP:	48:cvIwWl8zsjJg771I94ecFWpW8VY6Ym8M4JIWDFgHyq8vhWPgLgGz9+d:uIjf9I7Wn7VqJxSHWYPgL1z9+d
MD5:	2DD07DC8A98C308C785A064D37051230
SHA1:	5C77CA64B742EF6DAE136DFF7EC574E3ABBB4A93
SHA-256:	13B0A16DE69A46967091B198F2655016464DD6D7D341AF6C56056213E2657101
SHA-512:	A0C41F868F36C35AEB1D1239AAD0F3F045A65FD90AE413DA28F738404615340B118A5E48198F8DDC330E0F4E259DC6D3AB7422DD1DCC533796866695F188F13F
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="638482" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\MSVCP140.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	590112
Entropy (8bit):	6.461874649448891
Encrypted:	false
SSDEEP:	12288:xI88L4Wu4+oJ+xc39ax5Ms4ETs3rxSvYcRkdQEKZm+jWodEEVh51:xD89rxZfQEKZm+jWodEEP5
MD5:	01B946A2EDC5CC166DE018DBB754B69C
SHA1:	DBE09B7B9AB2D1A61EF63395111D2EB9B04F0A46
SHA-256:	88F55D86B50B0A7E55E71AD2D8F7552146BA26E927230DAF2E26AD3A971973C5
SHA-512:	65DC3F32FAF30E62DFDECB72775DF870AF4C3A32A0BF576ED1AAAE4B16AC6897B62B19E01DC2BF46F46FBE3F475C061F79CBE987EDA583FEE1817070779860E5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: WTvNL75dCr.exe, Detection: malicious, Browse Filename: WTvNL75dCr.exe, Detection: malicious, Browse Filename: FileScanner.exe, Detection: malicious, Browse Filename: MacAttack.exe, Detection: malicious, Browse Filename: download.ps1, Detection: malicious, Browse Filename: y3x8pjQ1Ci.exe, Detection: malicious, Browse Filename: y3x8pjQ1Ci.exe, Detection: malicious, Browse Filename: download.ps1, Detection: malicious, Browse Filename: download.ps1, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........LS..-=..-=..-=.....-=..U...-=..-<.k-=.gB<..-=.gB9..-=.gB>..-=.gB8.=-=.gB=..-=.gB..-=.gB?..-=.Rich.-=.........PE..d.....t^.........." .....@..........."...............................................z....`A.........................................j..h....D..,...............L;...... A......(...@...8...............................0............P.......f..@....................text...,>.......@.................. ..`.rdata..r....P.......D..............@..@.data....:...`..."...N..............@....pdata..L;.......<...p..............@..@.didat..h...........................@....rsrc...............................@..@.reloc..(...........................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\MSVCP140_1.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	31728
Entropy (8bit):	6.499754548353504
Encrypted:	false
SSDEEP:	384:rOY/H1SbuIqnX8ndnWc95gW3C8c+pBj0HRN7bULkcyHRN7rxTO6iuQl9xiv:yYIBqnMdxxWd4urv
MD5:	0FE6D52EB94C848FE258DC0EC9FF4C11
SHA1:	95CC74C64AB80785F3893D61A73B8A958D24DA29
SHA-256:	446C48C1224C289BD3080087FE15D6759416D64F4136ADDF30086ABD5415D83F
SHA-512:	C39A134210E314627B0F2072F4FFC9B2CE060D44D3365D11D8C1FE908B3B9403EBDD6F33E67D556BD052338D0ED3D5F16B54D628E8290FD3A155F55D36019A86
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......>.{.zl..zl..zl......xl..s...~l.....}l.....xl..zl..Ql......l.....il.....{l.....{l.....{l..Richzl..................PE..d.....t^.........." .........$......p.....................................................`A........................................p>..L....?..x....p.......`..X....:...A......p...P3..8............................3..0............0..@............................text............................... ..`.rdata.......0......................@..@.data........P.......,..............@....pdata..X....`.......0..............@..@.rsrc........p.......4..............@..@.reloc..p............8..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Core.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6023664
Entropy (8bit):	6.768988071491288
Encrypted:	false
SSDEEP:	98304:hcirJylHYab/6bMJsv6tWKFdu9CLiZxqfg8gwf:+irJylHFb/QMJsv6tWKFdu9CL4xqfg8x
MD5:	817520432A42EFA345B2D97F5C24510E
SHA1:	FEA7B9C61569D7E76AF5EFFD726B7FF6147961E5
SHA-256:	8D2FF4CE9096DDCCC4F4CD62C2E41FC854CFD1B0D6E8D296645A7F5FD4AE565A
SHA-512:	8673B26EC5421FCE8E23ADF720DE5690673BB4CE6116CB44EBCC61BBBEF12C0AD286DFD675EDBED5D8D000EFD7609C81AAE4533180CF4EC9CD5316E7028F7441
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......D.............................UJ......................................................W.....,..................r....................Rich............PE..d...;._.........." ..........-.......-......................................`\.....x.\...`...........................................L..O....T...... \.......U.. ....[......0\..%..,.H.T.....................H.(.....H.0............./.H............................text............................... ..`.rdata..F7%.../..8%.................@..@.data...x....PT..\...6T.............@....pdata... ....U.."....T.............@..@.qtmimed.....0W.......V.............@..P.rsrc........ \.......[.............@..@.reloc...%...0\..&....[.............@..B........................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5DBus.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	436720
Entropy (8bit):	6.392610185061176
Encrypted:	false
SSDEEP:	6144:ZLvnUJ17UTGOkWHUe/W9TgYMDu96ixMZQ8IlXbKgp8aIDeN:KP7cGOGegTwu96ixMZQtlrPN
MD5:	0E8FF02D971B61B5D2DD1AC4DF01AE4A
SHA1:	638F0B46730884FA036900649F69F3021557E2FE
SHA-256:	1AA70B106A10C86946E23CAA9FC752DC16E29FBE803BBA1F1AB30D1C63EE852A
SHA-512:	7BA616EDE66B16D9F8B2A56C3117DB49A74D59D0D32EAA6958DE57EAC78F14B1C7F2DBBA9EAE4D77937399CF14D44535531BAF6F9DB16F357F8712DFAAE4346A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........D..............+...../............).....+...O.+....+....O./...O....O..........O.(...Rich..........................PE..d...]._.........." .....\...<.......\..............................................K.....`..........................................h..to...................`...Q..............4.......T.......................(...`...0............p...............................text...yZ.......\.................. ..`.rdata..0....p.......`..............@..@.data...X....@......."..............@....pdata...Q...`...R...2..............@..@.rsrc...............................@..@.reloc..4...........................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Gui.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	7008240
Entropy (8bit):	6.674290383197779
Encrypted:	false
SSDEEP:	49152:9VPhJZWVvpg+za3cFlc61j2VjBW77I4iNlmLPycNRncuUx24LLsXZFC6FOCfDt2/:BJZzI1ZR3U9Cxc22aDACInVc4Z
MD5:	47307A1E2E9987AB422F09771D590FF1
SHA1:	0DFC3A947E56C749A75F921F4A850A3DCBF04248
SHA-256:	5E7D2D41B8B92A880E83B8CC0CA173F5DA61218604186196787EE1600956BE1E
SHA-512:	21B1C133334C7CA7BBBE4F00A689C580FF80005749DA1AA453CCEB293F1AD99F459CA954F54E93B249D406AEA038AD3D44D667899B73014F884AFDBD9C461C14
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......QH^~.)0-.)0-.)0-.Q.-.)0-...-.)0-.F4,.)0-.F3,.)0-.F5,.)0-.F1,.)0-.Y1,.)0-.B5,.)0-.B1,.)0-.)1-m,0-.Y4,.)0-.Y5,\|(0-.Y0,.)0-.Y.-.)0-.).-.)0-.Y2,.)0-Rich.)0-................PE..d....._.........." ......?...+.....X.?.......................................k.....R.k...`.........................................pKK.....d.e.\|....`k.......g.......j......pk..6....F.T................... .F.(.....F.0.............?.p+...........................text...2.?.......?................. ..`.rdata...z&...?..\|&...?.............@..@.data....o... f.......f.............@....pdata........g.......f.............@..@.rsrc........`k.......j.............@..@.reloc...6...pk..8....j.............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Network.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1340400
Entropy (8bit):	6.41486755163134
Encrypted:	false
SSDEEP:	24576:eXPn73RXox1U9M0m+1ffSDY565RzHUY1iaRy95hdGehEM:+7hXU1U95m4ff9A5RviaRy9NGI
MD5:	3569693D5BAE82854DE1D88F86C33184
SHA1:	1A6084ACFD2AA4D32CEDFB7D9023F60EB14E1771
SHA-256:	4EF341AE9302E793878020F0740B09B0F31CB380408A697F75C69FDBD20FC7A1
SHA-512:	E5EFF4A79E1BDAE28A6CA0DA116245A9919023560750FC4A087CDCD0AB969C2F0EEEC63BBEC2CD5222D6824A01DD27D2A8E6684A48202EA733F9BB2FAB048B32
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........Yt..7'..7'..7'...'..7'..3&..7'}.3&..7'}.4&..7'}.2&..7'}.6&..7'..6&..7'0.6&..7'..6'c.7'0.2&2.7'0.7&..7'0..'..7'...'..7'0.5&..7'Rich..7'........................PE..d....._.........." .................................................................c....`......................................... ....n..,...h....................X..........,.......T...................p...(...@...0............................................text...C........................... ..`.rdata...g.......h..................@..@.data...XN...@...2... ..............@....pdata...............R..............@..@.rsrc................>..............@..@.reloc..,............D..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Qml.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	3591664
Entropy (8bit):	6.333693598000157
Encrypted:	false
SSDEEP:	98304:iPnt09+kVh2NrSdSG779LLLS/o/L4YqoY0Xba+mRRH2T:iPnt2ZVhT
MD5:	D055566B5168D7B1D4E307C41CE47C4B
SHA1:	043C0056E9951DA79EC94A66A784972532DC18EF
SHA-256:	30035484C81590976627F8FACE9507CAA8581A7DC7630CCCF6A8D6DE65CAB707
SHA-512:	4F12D17AA8A3008CAA3DDD0E41D3ED713A24F9B5A465EE93B2E4BECCF876D5BDF0259AA0D2DD77AD61BB59DC871F78937FFBE4D0F60638014E8EA8A27CAF228D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......W.4...Z...Z...Z......Z..^...Z..Y...Z.._...Z..[...Z...[...Z...[...Z...[...Z..._...Z...Z...Z.......Z......Z...X...Z.Rich..Z.........PE..d......_.........." .....^$..........O$.......................................7.....}.7...`...........................................,......2.......6.......4. .....6.......6..J....).T.....................).(...p.).0............p$..%...........................text....\$......^$................. ..`.rdata......p$......b$.............@..@.data.........3..n....2.............@....pdata.. .....4......l4.............@..@.rsrc.........6......`6.............@..@.reloc...J....6..L...f6.............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5QmlModels.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	438768
Entropy (8bit):	6.312090336793804
Encrypted:	false
SSDEEP:	6144:k1tE6lq982HdyuEZ5gw+VHDZjZ0yOWm7Vdcm4GyasLCZCu6vdQp:k1tEuq9Hdyuo5gwguyOtVIup
MD5:	2030C4177B499E6118BE5B9E5761FCE1
SHA1:	050D0E67C4AA890C80F46CF615431004F2F4F8FC
SHA-256:	51E4E5A5E91F78774C44F69B599FAE4735277EF2918F7061778615CB5C4F6E81
SHA-512:	488F7D5D9D8DEEE9BBB9D63DAE346E46EFEB62456279F388B323777999B597C2D5AEA0EE379BDF94C9CBCFD3367D344FB6B5E90AC40BE2CE95EFA5BBDD363BCC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......x..<...<...<...5.H.4...(...>.......*.......4.......8.......8......9...<...g....../......=....$.=...<.L.=......=...Rich<...................PE..d...M.._.........." .....(...r......d+..............................................MF....`.........................................0E...^..0................`.. F..................H...T.......................(.......0............@...............................text...N&.......(.................. ..`.rdata.......@.......,..............@..@.data...x/...0...(..................@....pdata.. F...`...H...>..............@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Quick.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	4148720
Entropy (8bit):	6.462183686222023
Encrypted:	false
SSDEEP:	49152:EcDwCQsvkBD+ClI3IAVLA7Tr15SokomoqxQhT2bAssCFEUGX5ig:E7CKPsA3p0Z/QV/sS3Ag
MD5:	65F59CFC0C1C060CE20D3B9CEFFBAF46
SHA1:	CFD56D77506CD8C0671CA559D659DAB39E4AD3C2
SHA-256:	C81AD3C1111544064B1830C6F1AEF3C1FD13B401546AB3B852D697C0F4D854B3
SHA-512:	D6F6DC19F1A0495026CBA765B5A2414B6AF0DBFC37B5ACEED1CD0AE37B3B0F574B759A176D75B01EDD74C6CE9A3642D3D29A3FD7F166B53A41C8978F562B4B50
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!Fvge'.4e'.4e'.4l_.4i'.4.H.5m'.4.H.5a'.4.H.5\|'.4.H.5c'.4.W.5o'.4qL.5`'.4e'.4.,.4.W.5.'.4.W.5d'.4.W.4d'.4e'.4d'.4.W.5d'.4Riche'.4........................PE..d......_.........." ......%..B......L.$.......................................?.......?...`.........................................0)2.P.....8.T.....>.......<..^...2?.......?.py......T.......................(.......0............ %..\...........................text.....%.......%................. ..`.rdata....... %.......%.............@..@.data....I...@;..2... ;.............@....pdata...^....<..`...R<.............@..@.rsrc.........>.......>.............@..@.reloc..py....?..z....>.............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Svg.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	330736
Entropy (8bit):	6.381828869454302
Encrypted:	false
SSDEEP:	6144:6qLZcTC3wR/0JNZ+csBkBv0L0hq+SvcO8MsvwbIeblsjTR:6qNcCwqHE2fYlsPR
MD5:	03761F923E52A7269A6E3A7452F6BE93
SHA1:	2CE53C424336BCC8047E10FA79CE9BCE14059C50
SHA-256:	7348CFC6444438B8845FB3F59381227325D40CA2187D463E82FC7B8E93E38DB5
SHA-512:	DE0FF8EBFFC62AF279E239722E6EEDD0B46BC213E21D0A687572BFB92AE1A1E4219322233224CA8B7211FFEF52D26CB9FE171D175D2390E3B3E6710BBDA010CB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............_._._..*_._,.^._..^._,.^._,.^._,.^._a.^._._=.._a.^._a.^._a.F_._.._._a.^._Rich._................PE..d......_.........." .........................................................@.......^....`.................................................((....... ...........0...........0..H...xL..T....................N..(....L..0............................................text............................... ..`.rdata..p...........................@..@.data...8...........................@....pdata...0.......2..................@..@.rsrc........ ......................@..@.reloc..H....0......................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5WebSockets.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	149488
Entropy (8bit):	6.116105454277536
Encrypted:	false
SSDEEP:	3072:4sSkET6pEXb3loojg1Q2sorWvZXF2sorrLA7cG27Qhvvc:4sSd6pwzloDbsnX0sCrc7ct7QVc
MD5:	A016545F963548E0F37885E07EF945C7
SHA1:	CBE499E53AB0BD2DA21018F4E2092E33560C846F
SHA-256:	6B56F77DA6F17880A42D2F9D2EC8B426248F7AB2196A0F55D37ADE39E3878BC6
SHA-512:	47A3C965593B97392F8995C7B80394E5368D735D4C77F610AFD61367FFE7658A0E83A0DBD19962C4FA864D94F245A9185A915010AFA23467F999C833982654C2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'`.CF.KCF.KCF.KJ>.KGF.K.).JAF.KW-.JAF.K.).JVF.K.).JKF.K.).J@F.K.6.JFF.KCF.K.G.K.6.JPF.K.6.JBF.K.6.KBF.KCF.KBF.K.6.JBF.KRichCF.K........................PE..d......_.........." .....$..........t(.......................................p.......5....`............................................."..l........P.......0.......,.......`..L...hw..T....................x..(....w..0............@...............................text....".......$.................. ..`.rdata..z....@.......(..............@..@.data...x...........................@....pdata.......0......................@..@.rsrc........P......."..............@..@.reloc..L....`.......(..............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Widgets.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	5498352
Entropy (8bit):	6.619117060971844
Encrypted:	false
SSDEEP:	49152:KO+LIFYAPZtMym9RRQ7/KKIXSewIa/2Xqq1sfeOoKGOh6EwNmiHYYwBrK8KMlH0p:IGoKZdRqJD10rK8KMlH0gi5GX0oKZ
MD5:	4CD1F8FDCD617932DB131C3688845EA8
SHA1:	B090ED884B07D2D98747141AEFD25590B8B254F9
SHA-256:	3788C669D4B645E5A576DE9FC77FCA776BF516D43C89143DC2CA28291BA14358
SHA-512:	7D47D2661BF8FAC937F0D168036652B7CFE0D749B571D9773A5446C512C58EE6BB081FEC817181A90F4543EBC2367C7F8881FF7F80908AA48A7F6BB261F1D199
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........x..................I.......I.......I.......I...........................................9.................................Rich............PE..d....._.........." ......3..P .......3.......................................T......MT...`.........................................0.D.P^....L.h....pS......0P..8....S.......S.d.....?.T...................`.?.(...0.?.0.............3.._...........................text.....3.......3................. ..`.rdata..8.....3.......3.............@..@.data.........O......dO.............@....pdata...8...0P..:....O.............@..@.rsrc........pS......4S.............@..@.reloc..d.....S......:S.............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\VCRUNTIME140.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	101872
Entropy (8bit):	6.5661918084228725
Encrypted:	false
SSDEEP:	1536:RCKWZGuEK0mOLSTxoPl9GIcuZrxi4hXX9oix8H+NCIecbGShwZul:RFWY1WxgGStJ8H2CIecbG36
MD5:	971DBBE854FC6AB78C095607DFAD7B5C
SHA1:	1731FB947CD85F9017A95FDA1DC5E3B0F6B42CA2
SHA-256:	5E197A086B6A7711BAA09AFE4EA7C68F0E777B2FF33F1DF25A21F375B7D9693A
SHA-512:	B966AAB9C0D9459FADA3E5E96998292D6874A7078924EA2C171F0A1A50B0784C24CC408D00852BEC48D6A01E67E41D017684631176D3E90151EC692161F1814D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........w.............t:..............................................................Rich....................PE..d.....t^.........." .........^.......................................................e....`A.........................................0..4....9.......p.......P.......L...A..............8........................... ...0............................................text...2........................... ..`.rdata...?.......@..................@..@.data...0....@.......4..............@....pdata.......P.......8..............@..@_RDATA.......`.......D..............@..@.rsrc........p.......F..............@..@.reloc...............J..............@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\VCRUNTIME140_1.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	44528
Entropy (8bit):	6.627837381503075
Encrypted:	false
SSDEEP:	384:Aim/NRETi8kykt25HwviU5fJUiP2551xWmbTqOA7SXf+Ny85xM8ATJWr3KWoC8cS:0Ie8kySL2iPQxdvjAevcMESW5lxJG
MD5:	6BC084255A5E9EB8DF2BCD75B4CD0777
SHA1:	CF071AD4E512CD934028F005CABE06384A3954B6
SHA-256:	1F0F5F2CE671E0F68CF96176721DF0E5E6F527C8CA9CFA98AA875B5A3816D460
SHA-512:	B822538494D13BDA947655AF791FED4DAA811F20C4B63A45246C8F3BEFA3EC37FF1AA79246C89174FE35D76FFB636FA228AFA4BDA0BD6D2C41D01228B151FD89
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ .S.A...A...A..0.m..A..O....A...9...A...A...A..O....A..O....A..O....A..O....A..O.}..A..O....A..Rich.A..................PE..d.....t^.........." .....:...4......pA...............................................Z....`A.........................................j......\|k..x....................l...A......8....b..8...........................@b..0............P..X............................text....9.......:.................. ..`.rdata... ...P..."...>..............@..@.data................`..............@....pdata...............b..............@..@.rsrc................f..............@..@.reloc..8............j..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\d3dcompiler_47.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	4173928
Entropy (8bit):	6.329102290474506
Encrypted:	false
SSDEEP:	49152:8BfmqCtLI4erBYysLjG/A8McPyCD6hw16JVTW7B3EgvVlQ3LAYmyNOvGJse+aWyb:8eZevVKACOvWYQF
MD5:	B0AE3AA9DD1EBD60BDF51CB94834CD04
SHA1:	EE2F5726AC140FB42D17ABA033D678AFAF8C39C1
SHA-256:	E994847E01A6F1E4CBDC5A864616AC262F67EE4F14DB194984661A8D927AB7F4
SHA-512:	756EBF4FA49029D4343D1BDB86EA71B2D49E20ADA6370FD7582515455635C73D37AD0DBDEEF456A10AB353A12412BA827CA4D70080743C86C3B42FA0A3152AA3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G..(.a.{.a.{.a.{..m{5a.{..l{.a.{.m{.a.{.o{.a.{.a.{.a.{.i{.a.{.l{.a.{.h{.a.{.q{.a.{.k{.a.{.n{.a.{Rich.a.{........................PE..d......R.........." ......;.........`.8......................................@@......a@...`...........................................;.u...P.>.d.....?.@.....=......t?.h<... ?..{..................................@a................>.P............................text.....;.......;................. ..`.data...h.....;.......;.............@....pdata........=......n<.............@..@.idata..@.....>......B>.............@..@.rsrc...@.....?......\>.............@..@.reloc....... ?......b>.............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\libEGL.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	25072
Entropy (8bit):	5.961464514165753
Encrypted:	false
SSDEEP:	384:KEyYvsyDQrjwgut4Maw+XZndDGg7Dgf2hU:RvszjwgocwOhdDGEUf2hU
MD5:	BB00EF1DD81296AF10FDFA673B4D1397
SHA1:	773FFCF4A231B963BAAC36CBEF68079C09B62837
SHA-256:	32092DE077FD57B6EF355705EC46C6D21F6D72FBE3D3A5DD628F2A29185A96FA
SHA-512:	C87C0868C04852B63A7399AFE4E568CD9A65B7B7D5FD63030ABEA649AAC5E9F2293AB5BE2B2CE56A57F2B4B1992AE730150A293ADA53637FC5CD7BE0A727CBD4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9...Xv@.Xv@.Xv@. .@.Xv@.7wA.Xv@.3wA.Xv@.7sA.Xv@.7rA.Xv@.7uA.Xv@W(wA.Xv@.Xw@.Xv@W(sA.Xv@W(vA.Xv@W(.@.Xv@.X.@.Xv@W(tA.Xv@Rich.Xv@........PE..d...#._.........." .........0......................................................Z.....`.........................................`9.......B..d.......H....p.......F.......... ....3..T............................4..0............0...............................text............................... ..`.rdata..r#...0...$..................@..@.data........`.......:..............@....pdata.......p.......<..............@..@.rsrc...H............>..............@..@.reloc.. ............D..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\libGLESv2.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	3385328
Entropy (8bit):	6.382356347494905
Encrypted:	false
SSDEEP:	49152:sU0O89Onk/cNTgO/WSLqfTPnK+9eaOiY95ZEQryD1pPG3L:MaHUKt3L
MD5:	2247EE4356666335DF7D72129AF8D600
SHA1:	F0131C1A67FC17C0E8DCC4A4CA38C9F1780E7182
SHA-256:	50FAD5605B3D57627848B3B84A744DFB6A045609B8236B04124F2234676758D8
SHA-512:	67F2A7BF169C7B9A516689CF1B16446CA50E57F099B9B742CCB1ABB2DCDE8867F8F6305AD8842CD96194687FC314715AE04C1942B0E0A4F51B592B028C5B16D3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............t..t..t....t.A.p..t.A.w..t.A.q..t.A.u..t.u..t..u..t...q..t...t..t......t.....t...v..t.Rich..t.........PE..d....._.........." ......&.........L.&.......................................3.......3...`..........................................0..]....0.......3.P.....1.L.....3.......3..;...},.T...................P.,.(... ~,.0.............'..............................text...o.&.......&................. ..`.rdata........'.......&.............@..@.data.........1.......0.............@....pdata..L.....1.......1.............@..@.rsrc...P.....3......J3.............@..@.reloc...;....3..<...P3.............@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\opengl32sw.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	20923392
Entropy (8bit):	6.255903817217008
Encrypted:	false
SSDEEP:	393216:LIckHor5uLnn83wAP5hxOZEa7/LzRuDFqILn5LgcKyZyQXt+8M:yEZbv
MD5:	7DBC97BFEE0C7AC89DA8D0C770C977B6
SHA1:	A064C8D8967AAA4ADA29BD9FEFBE40405360412C
SHA-256:	963641A718F9CAE2705D5299EAE9B7444E84E72AB3BEF96A691510DD05FA1DA4
SHA-512:	286997501E1F5CE236C041DCB1A225B4E01C0F7C523C18E9835507A15C0AC53C4D50F74F94822125A7851FE2CB2FB72F84311A2259A5A50DCE6F56BA05D1D7E8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......[.@..............'.......'.......'..[...........\|.-.....\|.+....\|..<....'......../.....q.*.....q.+....q.&.^...q.......q.,.....Rich............PE..d....._W.........." .....(....b.....\|&....................................... E...........`.........................................0.1.t.....1...............9.`n............C..k.. . .T..................... .(..... ..............@...............................text...T&.......(.................. ..`.rdata..XvO..@...xO..,..............@..@.data....;....1.......1.............@....pdata..`n....9..p...D3.............@..@.gfids.......pC.......=.............@..@.tls..........C.......=.............@..._RDATA........C.......=.............@..@.reloc...k....C..l....=.............@..B................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\generic\qtuiotouchplugin.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	68080
Entropy (8bit):	6.207162014262433
Encrypted:	false
SSDEEP:	1536:mQ4IT53ign4CbtlO705xWL3frA5rlhgQJ7tapgUff:mLIT53Hbtk70OLs3hg0Cz
MD5:	750A31DE7840B5EED8BA14C1BD84D348
SHA1:	D345D13B0C303B7094D1C438E49F0046791DE7F6
SHA-256:	A9BFFB0F3CD69CD775C328C916E46440FE80D99119FAEBC350C7EC51E3E57C41
SHA-512:	5C0A68ED27A9F1BBFF104942152E475C94BB64B03CE252EAAC1A6770E24DC4156CE4ADE99EBCD92662801262DED892C33F84C605AD84472B45A83C4883D5E767
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............h..h..h...s.h..]...h.....h..]...h..]...h..]...h......h..h..&h......h......h......h......h..Rich.h..................PE..d...X._.........." .........b......$........................................@......{v....`......................................... ................ ..X....................0......H...T......................(.......0............................................text............................... ..`.rdata...E.......F..................@..@.data...............................@....pdata..............................@..@.qtmetadi...........................@..P.rsrc...X.... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\iconengines\qsvgicon.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	41968
Entropy (8bit):	6.0993566622860635
Encrypted:	false
SSDEEP:	768:VPs5g31JfDgej5JZmA0ZsEEC6lmn+4FdDGimUf2hr:VkC31ee7ZmA+sEEC6lmn+4FOUfc
MD5:	313F89994F3FEA8F67A48EE13359F4BA
SHA1:	8C7D4509A0CAA1164CC9415F44735B885A2F3270
SHA-256:	42DDE60BEFCF1D9F96B8366A9988626B97D7D0D829EBEA32F756D6ECD9EA99A8
SHA-512:	06E5026F5DB929F242104A503F0D501A9C1DC92973DD0E91D2DAF5B277D190082DE8D37ACE7EDF643C70AA98BB3D670DEFE04CE89B483DA4F34E629F8ED5FECF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n.:..i..i..i#.Ei...i...h(..i>..h(..i...h8..i...h-..i...h(..i...h-..i..i...i...h(..i...h+..i..)i+..i...h+..iRich*..i........................PE..d......_.........." .....@...F.......F..............................................C.....`..........................................g..x...hh..........H...........................xX..T....................Z..(....X..0............P...............................text....>.......@.................. ..`.rdata...3...P...4...D..............@..@.data................x..............@....pdata...............z..............@..@.qtmetadj...........................@..P.rsrc...H...........................@..@.reloc..............................@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qgif.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	39408
Entropy (8bit):	6.0316011626259405
Encrypted:	false
SSDEEP:	768:ygk2hM0GskFtvPCjEIxh8eDzFyPddeeGvnhotdDGPUf2he:yN2a05kfPOEMaeDzFkddeFnhotOUfh
MD5:	52FD90E34FE8DED8E197B532BD622EF7
SHA1:	834E280E00BAE48A9E509A7DC909BEA3169BDCE2
SHA-256:	36174DD4C5F37C5F065C7A26E0AC65C4C3A41FDC0416882AF856A23A5D03BB9D
SHA-512:	EF3FB3770808B3690C11A18316B0C1C56C80198C1B1910E8AA198DF8281BA4E13DC9A6179BB93A379AD849304F6BB934F23E6BBD3D258B274CC31856DE0FC12B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........R...3..3..3..KA.3..o\..3..X..3..o\..3..o\..3..o\..3.."C..3..3...3.."C..3.."C..3.."C-.3.."C..3..Rich.3..........PE..d...H._.........." .....@...B.......E...............................................^....`..........................................f..t....f..........@............~..............HW..T....................X..(....W..0............P...............................text...k?.......@.................. ..`.rdata..&)...P...*...D..............@..@.data...(............n..............@....pdata...............p..............@..@.qtmetads............v..............@..P.rsrc...@............x..............@..@.reloc...............\|..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qicns.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	45040
Entropy (8bit):	6.016125225197622
Encrypted:	false
SSDEEP:	768:vEip0IlhxTDxut3dnm8IyAmQQ3ydJouEAkNypTAO0tfC3apmsdDG9Uf2hU:vxvXxgVIyA23ydJlEATpTAO0tfCKpms/
MD5:	AD84AF4D585643FF94BFA6DE672B3284
SHA1:	5D2DF51028FBEB7F6B52C02ADD702BC3FA781E08
SHA-256:	F4A229A082D16F80016F366156A2B951550F1E9DF6D4177323BBEDD92A429909
SHA-512:	B68D83A4A1928EB3390DEB9340CB27B8A3EB221C2E0BE86211EF318B4DD34B37531CA347C73CCE79A640C5B06FBD325E10F8C37E0CEE2581F22ABFBFF5CC0D55
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................a....Q........Q......Q......Q......................................Rich...........PE..d......_.........." .....B...N.......G...............................................&....`.............................................t...$...........@...........................xp..T....................r..(....p..0............`...............................text....@.......B.................. ..`.rdata...9...`...:...F..............@..@.data...............................@....pdata..............................@..@.qtmetadx...........................@..P.rsrc...@...........................@..@.reloc..............................@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qico.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	38384
Entropy (8bit):	5.957072398645384
Encrypted:	false
SSDEEP:	768:zBXBEfQiAzC9Oh5AS7a3Z5OGrTDeV9mp7nnsWdDGgYUf2hi/:8JAzuOhy3zOGrTDeV9mp7nnsWjYUfz
MD5:	A9ABD4329CA364D4F430EDDCB471BE59
SHA1:	C00A629419509929507A05AEBB706562C837E337
SHA-256:	1982A635DB9652304131C9C6FF9A693E70241600D2EF22B354962AA37997DE0B
SHA-512:	004EA8AE07C1A18B0B461A069409E4061D90401C8555DD23DBF164A08E96732F7126305134BFAF8B65B0406315F218E05B5F0F00BEDB840FB993D648CE996756
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........u.G...G...G...N...C......E...S...E......R......O......D.......B...G...........D.......F.......F.......F...RichG...................PE..d...H._.........." .....4...H.......9....................................................`..........................................h..t...th..........@............z..............(X..T....................Y..(....X..0............P..8............................text....2.......4.................. ..`.rdata..B/...P...0...8..............@..@.data...h............h..............@....pdata...............l..............@..@.qtmetad.............r..............@..P.rsrc...@............t..............@..@.reloc...............x..............@..B................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qjpeg.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	421360
Entropy (8bit):	5.7491063936821405
Encrypted:	false
SSDEEP:	6144:USgOWz1eW38u9tyh6fpGUasBKTrsXWwMmH1l3JM5hn0uEfB4:USPQTnastBRB4
MD5:	16ABCCEB70BA20E73858E8F1912C05CD
SHA1:	4B3A32B166AB5BBBEE229790FDAE9CBC84F936BA
SHA-256:	FB4E980CB5FAFA8A4CD4239329AED93F7C32ED939C94B61FB2DF657F3C6AD158
SHA-512:	3E5C83967BF31C9B7F1720059DD51AA4338E518B076B0461541C781B076135E9CB9CBCEB13A8EC9217104517FBCC356BDD3FFACA7956D1C939E43988151F6273
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Iv"...L...L...L..o....L..xM...L..\|M...L.......L..xI...L..xH...L..xO...L..gM...L...M...L..gH.?.L..gI...L..gL...L..g....L..gN...L.Rich..L.........PE..d...o._.........." .....b...........i...............................................g....`.............................................t...............@....`.......R..............h...T.......................(.......0...............@............................text....`.......b.................. ..`.rdata..J............f..............@..@.data...8....P.......(..............@....pdata.......`... ...*..............@..@.qtmetad.............J..............@..P.rsrc...@............L..............@..@.reloc...............P..............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qsvg.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	32240
Entropy (8bit):	5.978149408776758
Encrypted:	false
SSDEEP:	768:uOVKDlJJVlTuLiMtsKVG7TSdDG9Uf2h4e:hVgJVlTuL/tsKVG7TSQUfre
MD5:	C0DE135782FA0235A0EA8E97898EAF2A
SHA1:	FCF5FD99239BF4E0B17B128B0EBEC144C7A17DE2
SHA-256:	B3498F0A10AC4CB42CF7213DB4944A34594FF36C78C50A0F249C9085D1B1FF39
SHA-512:	7BD5F90CCAB3CF50C55EAF14F7EF21E05D3C893FA7AC9846C6CA98D6E6D177263AC5EB8A85A34501BCFCA0DA7F0B6C39769726F4090FCA2231EE64869B81CF0B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x>...P...P...P..a...P.&vQ...P..rQ...P.&vU...P.&vT...P.&vS...P.kiQ...P...Q.n.P.kiU...P.kiP...P.ki....P.kiR...P.Rich..P.........PE..d......_.........." .....$...B......D)....................................................`.........................................PU..t....U..........@............b...............G..T....................I..(...PH..0............@..(............................text....".......$.................. ..`.rdata...+...@...,...(..............@..@.data...8....p.......T..............@....pdata...............V..............@..@.qtmetad.............Z..............@..P.rsrc...@............\..............@..@.reloc...............`..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qtga.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	31728
Entropy (8bit):	5.865766652452823
Encrypted:	false
SSDEEP:	768:1lGALluUEAQATWQ79Z2Y8Ar+dDG2vUf2hF:TZl/EH8WQ794Y8Ar+hvUfm
MD5:	A913276FA25D2E6FD999940454C23093
SHA1:	785B7BC7110218EC0E659C0E5ACE9520AA451615
SHA-256:	5B641DEC81AEC1CF7AC0CCE9FC067BB642FBD32DA138A36E3BDAC3BB5B36C37A
SHA-512:	CEBE48E6E6C5CDF8FC339560751813B8DE11D2471A3DAB7D648DF5B313D85735889D4E704E8EEC0AD1084AB43BE0EBDFBACD038AEAC46D7A951EFB3A7CE838EB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........F ._'N._'N._'N.V_.Y'N..HO.]'N.KLO.]'N..HK.M'N..HJ.W'N..HM.\'N..WO.Z'N._'O.4'N..WK.\'N..WN.^'N..W..^'N..WL.^'N.Rich_'N.........................PE..d......_.........." ....."...@.......'..............................................7.....`..........................................W..t...dX..........@.......`....`..............(I..T....................J..(....I..0............@..h............................text...[!.......".................. ..`.rdata...)...@...*...&..............@..@.data........p.......P..............@....pdata..`............T..............@..@.qtmetadu............X..............@..P.rsrc...@............Z..............@..@.reloc...............^..............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qtiff.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	390128
Entropy (8bit):	5.724665470266677
Encrypted:	false
SSDEEP:	6144:V0jqHiFBaRe0GPAKwP15e7xrEEEEEEN024Rx/3tkYiHUASQbs/l7OanYoOgyV:0qqwP15bx/q7/yyV
MD5:	9C0ACF12D3D25384868DCD81C787F382
SHA1:	C6E877ABA3FB3D2F21D86BE300E753E23BB0B74E
SHA-256:	825174429CED6B3DAB18115DBC6C9DA07BF5248C86EC1BD5C0DCAECA93B4C22D
SHA-512:	45594FA3C5D7C4F26325927BB8D51B0B88E162E3F5E7B7F39A5D72437606383E9FDC8F83A77F814E45AFF254914514AE52C1D840A6C7B98767F362ED3F4FC5BD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................E....q............q......q......q......<.............<......<......<......<.)....<......Rich....................PE..d......_.........." .....(..........D-.......................................0............`.............................................t...4...........@........%........... ..(....d..T................... f..(....d..0............@..0............................text....&.......(.................. ..`.rdata...v...@...x...,..............@..@.data...(...........................@....pdata...%.......&..................@..@.qtmetad............................@..P.rsrc...@...........................@..@.reloc..(.... ......................@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qwbmp.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	30192
Entropy (8bit):	5.938644231596902
Encrypted:	false
SSDEEP:	768:EfEM3S46JE2X/xBZ76pC5J6GdDGZUf2h4:63S3JE2PHZ76pC5J6GEUfn
MD5:	68919381E3C64E956D05863339F5C68C
SHA1:	CE0A2AD1F1A46B61CB298CEC5AA0B25FF2C12992
SHA-256:	0F05969FB926A62A338782B32446EA3E28E4BFBFFC0DBD25ED303FAB3404ABAC
SHA-512:	6222A3818157F6BCD793291A6C0380EF8C6B93ECEA2E0C9A767D9D9163461B541AFAF8C6B21C5A020F01C95C6EE9B2B74B358BA18DA120F520E87E24B20836AA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........]...<.I.<.I.<.I.D%I.<.I.S.H.<.I.W.H.<.I.S.H.<.I.S.H.<.I.S.H.<.IYL.H.<.I.<.I.<.IYL.H.<.IYL.H.<.IYLII.<.IYL.H.<.IRich.<.I........PE..d......_.........." ..... ...8.......'....................................................`......................................... D..t....D..........@....p..T....Z...............6..T...................p8..(...@7..0............0..p............................text............ .................. ..`.rdata..d&...0...(...$..............@..@.data........`.......L..............@....pdata..T....p.......N..............@..@.qtmetad~............R..............@..P.rsrc...@............T..............@..@.reloc...............X..............@..B........................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\imageformats\qwebp.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	510448
Entropy (8bit):	6.605517748735854
Encrypted:	false
SSDEEP:	12288:bPTjgdqdsvh+LrLrLrL5/y4DVHAsqx3hXS+oPZQqRaYG:jT5sMLrLrLrL5q4dAsaOFo
MD5:	308E4565C3C5646F9ABD77885B07358E
SHA1:	71CB8047A9EF0CDB3EE27428726CACD063BB95B7
SHA-256:	6E37ACD0D357871F92B7FDE7206C904C734CAA02F94544DF646957DF8C4987AF
SHA-512:	FFAEECFAE097D5E9D1186522BD8D29C95CE48B87583624EB6D0D52BD19E36DB2860A557E19F0A05847458605A9A540C2A9899D53D36A6B7FD5BF0AD86AF88124
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................a....s........s......s......s....>.........>......>.....>....>......>....Rich...................PE..d......_.........." .....B..........tH.......................................0......`q....`..........................................W..t....W..........@.......0H........... ......h...T.......................(.......0............`...............................text...[@.......B.................. ..`.rdata..J....`.......F..............@..@.data....'...........X..............@....pdata..0H.......J...\..............@..@.qtmetadv...........................@..P.rsrc...@...........................@..@.reloc....... ......................@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\platforms\qminimal.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	844784
Entropy (8bit):	6.625808732261156
Encrypted:	false
SSDEEP:	12288:y6MhioHKQ1ra8HT+bkMY8zKI4kwU7dFOTTYfEWmTxbwTlWc:BMhioHKQp+bkjAjwGdFSZtbwBd
MD5:	2F6D88F8EC3047DEAF174002228219AB
SHA1:	EB7242BB0FE74EA78A17D39C76310A7CDD1603A8
SHA-256:	05D1E7364DD2A672DF3CA44DD6FD85BED3D3DC239DCFE29BFB464F10B4DAA628
SHA-512:	0A895BA11C81AF14B5BD1A04A450D6DCCA531063307C9EF076E9C47BD15F4438837C5D425CAEE2150F3259691F971D6EE61154748D06D29E4E77DA3110053B54
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#\..B2..B2..B2..:...B2..-3..B2.F....B2..-7..B2..-6..B2..-1..B2..)6..B2.^23..B2..)3..B2..B3.@2.^26..B2.^27..B2.^22..B2.^2...B2.^20..B2.Rich.B2.........PE..d...N._.........." ......................................................... ............`......................................... ...x.......@.......H....`..H.......................T.......................(.......0...............(............................text...;........................... ..`.rdata...C.......D..................@..@.data...H....@......."..............@....pdata..H....`.......0..............@..@.qtmetad............................@..P.rsrc...H...........................@..@.reloc..............................@..B................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\platforms\qoffscreen.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	754672
Entropy (8bit):	6.6323155845799695
Encrypted:	false
SSDEEP:	12288:/HpBmyVIRZ3Tck83vEgex5aebusGMIlhLfEWmpCJkl:/HpB63TckUcLaHMITAZmW
MD5:	6407499918557594916C6AB1FFEF1E99
SHA1:	5A57C6B3FFD51FC5688D5A28436AD2C2E70D3976
SHA-256:	54097626FAAE718A4BC8E436C85B4DED8F8FB7051B2B9563A29AEE4ED5C32B7B
SHA-512:	8E8ABB563A508E7E75241B9720A0E7AE9C1A59DD23788C74E4ED32A028721F56546792D6CCA326F3D6AA0A62FDEDC63BF41B8B74187215CD3B26439F40233F4D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m..T..KT..KT..K]t7K@..K.c.JV..K@g.JV..K.cKU..K.c.JA..K.c.J\..K.c.JP..K.\|.JQ..KT..K...K.\|.Js..K.\|.JS..K.\|.JU..K.\|[KU..K.\|.JU..KRichT..K........PE..d...R._.........." ................L.....................................................`.............................................x...8...........H....... s...h..........p.......T................... ...(.......0...............@............................text............................... ..`.rdata..............................@..@.data...............................@....pdata.. s.......t..................@..@.qtmetad.............T..............@..P.rsrc...H............V..............@..@.reloc..p............Z..............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\platforms\qwebgl.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	482288
Entropy (8bit):	6.152380961313931
Encrypted:	false
SSDEEP:	6144:WO/vyK+DtyaHlIMDhg5WEOvAwKB2VaaHeqRw/yVfYu4UnCA6DEjeYchcD+1Zy2:bKtHOWg5OvAwK0NYu4AShcD+1U2
MD5:	1EDCB08C16D30516483A4CBB7D81E062
SHA1:	4760915F1B90194760100304B8469A3B2E97E2BC
SHA-256:	9C3B2FA2383EEED92BB5810BDCF893AE30FA654A30B453AB2E49A95E1CCF1631
SHA-512:	0A923495210B2DC6EB1ACEDAF76D57B07D72D56108FD718BD0368D2C2E78AE7AC848B90D90C8393320A3D800A38E87796965AFD84DA8C1DF6C6B244D533F0F39
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........gM..#...#...#..~....#.ei&...#.ei'...#.ei ...#..m'...#.ei"...#.(v"...#..m"...#..."...#.(v&...#.(v#...#.(v...#.(v!...#.Rich..#.................PE..d......_.........." .....R...........;....................................................`..........................................m..t...Dn..T.......@....@...=...@..............0...T.......................(.......0............p..(............................text...{Q.......R.................. ..`.rdata..:....p.......V..............@..@.data...H....0......................@....pdata...=...@...>..................@..@.qtmetadz............2..............@..P.rsrc...@............4..............@..@.reloc...............8..............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\platforms\qwindows.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1477104
Entropy (8bit):	6.575113537540671
Encrypted:	false
SSDEEP:	24576:4mCSPJrAbXEEuV9Hw2SoYFo3HdxjEgqJkLdLu5qpmZuhg/A2b:nPlIEEuV9Hw2SFFWHdWZsdmqja/A2b
MD5:	4931FCD0E86C4D4F83128DC74E01EAAD
SHA1:	AC1D0242D36896D4DDA53B95812F11692E87D8DF
SHA-256:	3333BA244C97264E3BD19DB5953EFA80A6E47AACED9D337AC3287EC718162B85
SHA-512:	0396BCCDA43856950AFE4E7B16E0F95D4D48B87473DC90CF029E6DDFD0777E1192C307CFE424EAE6FB61C1B479F0BA1EF1E4269A69C843311A37252CF817D84D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......i...-...-...-...$.%.9.....q.,......8......%......)......+...9......9..,......)..........9..8...-..........d......,.....I.,......,...Rich-...........PE..d....._.........." .....,...h......4+..............................................n.....`.............................................x...(...........H............n..........X....r..T...................Pt..(... s..0............@...5...........................text..._+.......,.................. ..`.rdata.......@.......0..............@..@.data....m...@...D...(..............@....pdata...............l..............@..@.qtmetad.............J..............@..P.rsrc...H............L..............@..@.reloc..X............P..............@..B........................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\platformthemes\qxdgdesktopportal.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	68592
Entropy (8bit):	6.125954940500008
Encrypted:	false
SSDEEP:	1536:Nt4B1RLj3S6TtH2sweUH+Hz6/4+D6VFsfvUfO:AB1RHFdoeUs6/4O6VFSZ
MD5:	F66F6E9EDA956F72E3BB113407035E61
SHA1:	97328524DA8E82F5F92878F1C0421B38ECEC1E6C
SHA-256:	E23FBC1BEC6CEEDFA9FD305606A460D9CAC5D43A66D19C0DE36E27632FDDD952
SHA-512:	7FF76E83C8D82016AB6BD349F10405F30DEEBE97E8347C6762EB71A40009F9A2978A0D8D0C054CF7A3D2D377563F6A21B97DDEFD50A9AC932D43CC124D7C4918
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......+...o...o...o...f...k......m...{..m......~......h......m......h...o..........k......n.....~.n......n...Richo...........................PE..d...V._.........." .....z...t......T........................................@.......b....`......................................... ................ ..X....................0..4.......T.......................(...p...0...............x............................text....y.......z.................. ..`.rdata...Z.......\...~..............@..@.data...............................@....pdata..............................@..@.qtmetad............................@..P.rsrc...X.... ......................@..@.reloc..4....0......................@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\plugins\styles\qwindowsvistastyle.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	144368
Entropy (8bit):	6.294675868932723
Encrypted:	false
SSDEEP:	3072:rrjwZ43rCOtrBk7wcR0l7wBlaL6BtIEt51T0Nhkqg8FoQY:7hZu9R0l7wFBtIEt51T0Nuqg8JY
MD5:	53A85F51054B7D58D8AD7C36975ACB96
SHA1:	893A757CA01472A96FB913D436AA9F8CFB2A297F
SHA-256:	D9B21182952682FE7BA63AF1DF24E23ACE592C35B3F31ECEEF9F0EABEB5881B9
SHA-512:	35957964213B41F1F21B860B03458404FBF11DAF03D102FBEA8C2B2F249050CEFBB348EDC3F22D8ECC3CB8ABFDC44215C2DC9DA029B4F93A7F40197BD0C16960
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......R._...1]..1]..1]..]..1]..0\..1]..5\..1]..2\..1]..4\..1]..0\..1]..0\..1]..0]..1]..4\..1]..1\..1]...]..1]..3\..1]Rich..1]........................PE..d...`._.........." .....\...........`.......................................`......wJ....`................................................. ........@..X.... ...............P.........T...................`...(...0...0............p...............................text....Z.......\.................. ..`.rdata......p.......`..............@..@.data...............................@....pdata....... ......................@..@.qtmetadm....0......................@..P.rsrc...X....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_ar.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	130
Entropy (8bit):	4.024232093209084
Encrypted:	false
SSDEEP:	3:j2wZC4C/2/vlAlHekW3/S1MUe3/CLlI+rwtbWlMrNtYs8ar/u:Cwm+/PtUePCRIRt6Ygs8y/u
MD5:	8FF05B56C0995F90A80B7064AA6E915C
SHA1:	D5AEB09AE557CEEFB758972EC4AC624CDDC9E6A7
SHA-256:	A8A1B0D6F958E7366D1C856BE61000106D3E7FC993FB931675369892B9002D0B
SHA-512:	5374E0F1D3F5A6A456B00732DE8005787B17ECEF9C8A2B2C1228966A6A8DE211700334D8FD789DAD269F52D0AEED3F5160010CA60909861E270C253B3EA881A4
Malicious:	false
Preview:	<.d....!..`.......ar....R.....q.t.b.a.s.e._.a.r.....q.t.s.c.r.i.p.t._.a.r.....q.t.m.u.l.t.i.m.e.d.i.a._.a.r..............$...*.

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_bg.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153
Entropy (8bit):	3.6813848812976975
Encrypted:	false
SSDEEP:	3:j2wZC4C/6lLlAlHekVYtzlY1MUdI7lULlI+rwtbWlMoIFl8IPldkO4t/z:CwDC+7tJjUWhURIRt68f8oiP1z
MD5:	466EED6C184D2055488D4C5EA9AE5F20
SHA1:	8599AB9B731BFC84F6EEC7A0129F396FB8FEC4EA
SHA-256:	9E1CE4D91852352043D9191F1A992838F919CBA7E2F2D9BB1161E494E8BF5F5E
SHA-512:	D2462951EC7DCE3D0851AE9C4ED644FFE0D2A5BDD15B4AE1A4295C187B4295BC854D6A5038DAC0564D165463419D615EB6CE7A9760CEFAD71AB673FB2109C349
Malicious:	false
Preview:	<.d....!..`.......bg....v.....q.t.b.a.s.e._.b.g.....q.t.s.c.r.i.p.t._.b.g.....q.t.m.u.l.t.i.m.e.d.i.a._.b.g... .q.t.x.m.l.p.a.t.t.e.r.n.s._.b.g.......

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_ca.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153
Entropy (8bit):	3.631479835393124
Encrypted:	false
SSDEEP:	3:j2wZC4C/NVl/lAlHekUOplY1MUce/hlAlI+rwtbWlMpOflUlIPldkOHlz:CwO4+94jUcerAIRt6a6Uloi8
MD5:	6FBA66FE449866B478A2EBA66A724A02
SHA1:	EBEF6ED8460218CE8DF735659A8CBCD693600AC6
SHA-256:	171C7424B24D8502AB53CB3784FF34D8FCFAE26557CF8AF4DFDDEC6485ACC2FE
SHA-512:	2D2438738C6D10D8A53B46DE5A94BBF993818D080F344D9F1B94FC83D60335D9A5E8EFCC297D593FFF1D427972F9F9502FC31C332CAEA579FC7A88487390457E
Malicious:	false
Preview:	<.d....!..`.......ca....v.....q.t.b.a.s.e._.c.a.....q.t.s.c.r.i.p.t._.c.a.....q.t.m.u.l.t.i.m.e.d.i.a._.c.a... .q.t.x.m.l.p.a.t.t.e.r.n.s._.c.a.......

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_cs.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	157
Entropy (8bit):	3.7483537099309427
Encrypted:	false
SSDEEP:	3:j2wZC4C/fVFlAlHekUsplY1MUcM/hlULlI+rwtbWlMpsfl8IPldkO1lPchn:CwY4+9ujUcMrURIRt6aE8oinh
MD5:	D033053C03C3ECFA2AA926E0E674F67F
SHA1:	B4E95F8278121E2549F8BB6B5DAF1496F1738A7D
SHA-256:	3C0CBFD19490D67D1B3B9E944C3A4D9A9E7F87D7AE35E88D5D5A0077349B5B21
SHA-512:	2C7E9E9DBE0B25FBA94A52FE4BCCB1D9FED2A7BD2877DB91F82546C3BC8606280949594227BA0FC1C74C31010E1F573B3A82852BE746EAA4F397140485789136
Malicious:	false
Preview:	<.d....!..`.......cs....v.....q.t.b.a.s.e._.c.s.....q.t.s.c.r.i.p.t._.c.s.....q.t.m.u.l.t.i.m.e.d.i.a._.c.s... .q.t.x.m.l.p.a.t.t.e.r.n.s._.c.s...........

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_da.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153
Entropy (8bit):	3.6174817344122334
Encrypted:	false
SSDEEP:	3:j2wZC4C/4Jlr/lAlHekT6hY1MUb6JAlI+rwtbWlMuel3UlIPldkOQtt:Cw7rC+3jUkAIRt6EVUloi9
MD5:	E6A683F4A0883B5B0C7D30B847EF208C
SHA1:	FF2440DBBFE04AD86C6F285426AAFD49A895B128
SHA-256:	B5036161CE808C728E5FDA985F792DB565831FD01CF00B282547790C037353A2
SHA-512:	D73B794A71DFD3A3C06BF43ED109F635B4960F9A3904FB728873AB5251BDF6A791DDFDEBA884A2703A35461E18BA902804095AC4B92A2C9361526469B6D35FFA
Malicious:	false
Preview:	<.d....!..`.......da....v.....q.t.b.a.s.e._.d.a.....q.t.s.c.r.i.p.t._.d.a.....q.t.m.u.l.t.i.m.e.d.i.a._.d.a... .q.t.x.m.l.p.a.t.t.e.r.n.s._.d.a.......

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_de.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153
Entropy (8bit):	3.6174817344122334
Encrypted:	false
SSDEEP:	3:j2wZC4C/8rJFlAlHekTul01MUbul4LlI+rwtbWlMuallyIPldkOknt:Cw/rJ4+XU5RIRt6Aaoi7t
MD5:	06168E1261BF72F49F94927723B2E1EB
SHA1:	DEAF1B53C3FEE6CB28840418D0060AFA4D59D3FC
SHA-256:	5805B8FF3747849794E2D70661D737C69C15F1AE763C38E17084B1E5A81E9153
SHA-512:	AA3915C029C74DC270514C7F50E8BEC06C825F278E0DE0477AD8ED3187700BBD7711382A6E47C3AC76AC756CEFF9FA8CDD4E9B9DAC817475BC122F78B02C7D7D
Malicious:	false
Preview:	<.d....!..`.......de....v.....q.t.b.a.s.e._.d.e.....q.t.s.c.r.i.p.t._.d.e.....q.t.m.u.l.t.i.m.e.d.i.a._.d.e... .q.t.x.m.l.p.a.t.t.e.r.n.s._.d.e.......

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_en.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	16
Entropy (8bit):	4.0
Encrypted:	false
SSDEEP:	3:j2wZC4n:CwZ
MD5:	BCEBCF42735C6849BDECBB77451021DD
SHA1:	4884FD9AF6890647B7AF1AEFA57F38CCA49AD899
SHA-256:	9959B510B15D18937848AD13007E30459D2E993C67E564BADBFC18F935695C85
SHA-512:	F951B511FFB1A6B94B1BCAE9DF26B41B2FF829560583D7C83E70279D1B5304BDE299B3679D863CAD6BB79D0BEDA524FC195B7F054ECF11D2090037526B451B78
Malicious:	false
Preview:	<.d....!..`...

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_es.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153
Entropy (8bit):	3.6070658648473097
Encrypted:	false
SSDEEP:	3:j2wZC4C/7lJFlAlHekSMthULlI+rwtbWlMvEJY1MUaEf8IPldkOzvt:CwElJ4+7MrURIRt6cujUaE8oi0F
MD5:	EE47DFADBA4414FDC051C5CFBE71DDC1
SHA1:	DE650E96A9C130D35F8A498202773EF7FC875D27
SHA-256:	E25E43F046F61022FFE871A2F73C6A12EDFC5C3EFD958C0E019A721860A053B0
SHA-512:	8C1D8901D2F66CCBF947B831858E08B703517470B2B813B241E00162A275AC9103FF5B9251AD39BD53551E0A4FB45EE74187B218A1EF7C6CF6C5FA9F9219AE04
Malicious:	false
Preview:	<.d....!..`.......es....v.....q.t.b.a.s.e._.e.s.....q.t.m.u.l.t.i.m.e.d.i.a._.e.s.....q.t.s.c.r.i.p.t._.e.s... .q.t.x.m.l.p.a.t.t.e.r.n.s._.e.s.......

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_fa.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	293121
Entropy (8bit):	5.272179385890926
Encrypted:	false
SSDEEP:	3072:gEo2cQbzaVmvGQYkHkMRKkNeGr+0BhaRsLAChY21rpnLqL9ytnvC58gypn4l4qF:gEZbza0HjeGrxBhaCLFC
MD5:	F9C3624197ACB30A9E6CC799BB65BED6
SHA1:	D715EAE24387DE15588F68C92991A93FAFB5EEAB
SHA-256:	B292AFB0763B8C7C30A5AF7372BFC12D8A0D00BF3DD4A000715D9F576D9C1A39
SHA-512:	199C107AE7EAFCF2A5EEC149CAFEE7ED09B938E204B56AD3AAC9568D27166F61EC8E2225A11AF26F7E1F035FB5CAD98621A01E8A9942D18C273F43B90201162A
Malicious:	false
Preview:	<.d....!..`.......faB..I....*...u...+...............@.......A...J...B.......C...X...D.......E.......F...%...G.......H...0...I.......P...v...Q.......R.......S.......T..."...U.......V...h...W.......X...s...Y.......]..e....t...................-.......W.......\|.......i...;..Eu...;..Z....;...]...;..c....;.......;..0]...M..f....O.......O..2.......#....}..f=...m..fg.........(5......+;..1a..+;...V..+;...!..+O..17..+O...(..1.......E@......F....u..H4......HY...Y..H....S..I....5..I@.....IA......IC......J...1...J.......J.......J...\|...K...6...LD......L.......PS......R....Z..T.......Zr.. ...[`...O..[`......\...%@..\...2..._...&l.._...38..1........E..........2u..........1.......1...........@......4G...........................$...L...$..xY...[.......,...u...y...y...y..z.......F.......<.......g.......5W...........9...........f...E...U...E../....E..................0-...%..6....%.........................3......f..........5...?...0..EK...0......0..L ...0..c....0.......0...Z...5...........Y.. D

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_fi.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	117
Entropy (8bit):	3.739162292019161
Encrypted:	false
SSDEEP:	3:j2wZC4C/4HlAlHekRgOp1MUZWJKlI+rwtbWlMsIkk:Cwxe++IUocIRt6Qkk
MD5:	72882942B07B8AAC98034016E752B1A0
SHA1:	BF23B4C136B863B10E770019A2DF62FC988859DF
SHA-256:	048CA42DCE4FAF5FC21D843576E3C6FD963146ECC78554E7E5F34D07F64FB213
SHA-512:	403E7F4E9A0E44F2118804F0781A18EB1852797825498751E3AFA02D9558D90293ABDB570786CED80F7EFF800BEF6D9444A72E6A640D331DA46B2A0EA43C8E96
Malicious:	false
Preview:	<.d....!..`.......fi....R.....q.t.b.a.s.e._.f.i.....q.t.s.c.r.i.p.t._.f.i.....q.t.m.u.l.t.i.m.e.d.i.a._.f.i.......

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_fr.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153
Entropy (8bit):	3.680458675741643
Encrypted:	false
SSDEEP:	3:j2wZC4C/FjlAlHekRL21MUZNJOLlI+rwtbWlMs9KIPldkORT:Cw3+SU0RIRt6koio
MD5:	3C45C665CFE036A7474CB4DCBB13CF40
SHA1:	62312DFF3C4CD38BAE8456C981601D0D89600F63
SHA-256:	8624033D849E670B12C9532337FCBF260F20848E044FEE7787CFE2AC92BE28DB
SHA-512:	21659AA452BC2493D915F0BE94F90CDD57759B1F1306AAA2836058D41E80DED24742EBD74E19420021514A6AB4150CA0B447574E96B9D3BF0BC5A8C78DAAF7AC
Malicious:	false
Preview:	<.d....!..`.......fr....v.....q.t.b.a.s.e._.f.r.....q.t.s.c.r.i.p.t._.f.r.....q.t.m.u.l.t.i.m.e.d.i.a._.f.r... .q.t.x.m.l.p.a.t.t.e.r.n.s._.f.r.......

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_gd.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	70
Entropy (8bit):	4.463523104731333
Encrypted:	false
SSDEEP:	3:j2wZC4C/EXlAlHekQrEuknbJB:CwjO+5JY
MD5:	A8D55457C0413893F746D40B637F9C93
SHA1:	25123615482947772176E055E4A74043B2FBCAA0
SHA-256:	49DF855A004A17950338AF3146466F6DF4D5852410BD0B58EA80E0D0203A9D24
SHA-512:	99718B948D94B292BDEDF6B247A5856BC7AC78408FCC41C980F264C2C8565125786F0289F5F993DCF11B8CDA3AFB2A1D8634B1D0BC9B34992F538F8E4086EC00
Malicious:	false
Preview:	<.d....!..`.......gd..........q.t.b.a.s.e._.g.d....................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_gl.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	323590
Entropy (8bit):	4.568068046062524
Encrypted:	false
SSDEEP:	3072:OYSG8zxWSDjq73Pf6FT1f4uh50QGrRfFD54YyUY0Ou4/tnra3Z0uYhB5YHfHRRn2:O39WSD3TMQGrxFD5EUVQ
MD5:	0661FFABFBC50187F3BA38876B721946
SHA1:	EB5E7205355CFC6BCB4DF27E224079842C97B296
SHA-256:	204A01AC7DEB6B5BAE193AFECBD1E50D18C73BF7D94BADEB2BBFDF6123C4ED93
SHA-512:	65AB66CC54D65E7678FA731A5C5F2CC9D6FC217B91AD47D538440811E09A23E49CD95CE62A79E3E8C275E250AC1A0B54BD289F6DD067573876DA7AFF54381D02
Malicious:	false
Preview:	<.d....!..`.......gl_ESB..I...........+..&............@.......A...z...B.......C...p...D.......E......F...!...G......H.......I......P...@...Q.......R......S...5...T......U...+...V.......W...a...X.......Y...N...]..o....t..,................F.......p..............4....;..LI...;..bD...;.......;.......;.......;..cJ...M..o1...O..G....O..e.......U....}..oY...m..o........D..(5...X..+;..6/..+;...~..+;......+O..6...+O...N..1......E@...?..F.......H4..'...HY......H...3`..I......I@......IA......IC..0...J...P...J...1...J...0...J.......K...:...LD..2...L...3...PS..:A..R... d..T.......Zr..Rd..[`......[`.....\...WK..\...RR.._...X..._...f...1........E...{......7M..........1.......1....q......O.......9......................)....$... ...$.......[..,=...,..-....y..0X...y...~......Mx......]0.......H......:A......0....9...............E...o...E..b....E.........1.......c....%..;....%...;......3.......^......S................5..4Z...0..L....0.......0..n....0.......0..7....0.......5..9D......!g.

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_he.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	83
Entropy (8bit):	3.880645689209568
Encrypted:	false
SSDEEP:	3:j2wZC4C/YJ/dQlHekfaB21MUXmlvt:CwT0+D/UUt
MD5:	DD5C2C6B148F2DB3E666B859776AE129
SHA1:	8368F32039CC0776A1B95C9DED5FE6C9EA0D93FD
SHA-256:	C113D14E218D5402B616DABEA27969C6F83852676468C5EF051DDDEFB3EE0235
SHA-512:	2EAE33C8707407E083F6B8B05EA2C5B987646DF1553888C16D6508C5A33B2F758DDED73323622CD50324C96F51D61B7CE822F393551A30B211ABD3CC1367249F
Malicious:	false
Preview:	<.d....!..`.......he....0.....q.t.b.a.s.e._.h.e.....q.t.s.c.r.i.p.t._.h.e.......

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_help_ar.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	8743
Entropy (8bit):	5.189558605179696
Encrypted:	false
SSDEEP:	192:YUM7gBwnG4Vxj4nyn9aAMOJckrL6esm/0sQ5HeK1nvEB:YBkKnZxkyn9aAMWPsm/0sQsGvEB
MD5:	CCD39A7C8139AD041E31B3E5D40968B4
SHA1:	5751BE96817BB6AE7C9DA9F1FBA7F42F31CFCC5D
SHA-256:	222088C9752D1CC3BAB985EF2DC77E5AE78578DCE18A61EC15B39F02E588163D
SHA-512:	9844C0EC65EE1C76DBA021EAC6D476A85E6C8F5BBAF4150C1EA80C0A95BEDE67B5E8F981360EF8599FCECDFCBCB83BC0B8AC44DDEFDCD85F914318030E346967
Malicious:	false
Preview:	<.d....!..`.......arB.....(.....d.0T.....5w......Uj....!.`.....M.a[............n..t..............39....&................B<s...V..M^...e......4.O5^...r..)^......o>...........?...t.....D ......k.N.....k.N...C...n...T...I...R..........2>.................\|..G.......w....T.......l..........,................^............$a......6.>...........x..K......W.b....._Xn......GN...m..~......!.....J.K.H.............pN.............P.~.....o.....W..(.......~......s.>......%c.....o.....R.z.q..........................n.h................e.....i..........:.J.1. .E.3.E.Q.I..........Untitled.....QHelp.....8..9.0.Q.1. .F.3... .E.D.A.Q. .'.D..Q.,.E.J.9.).:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler........9.0.Q.1. .%.F.4.'.!. .'.D./.Q.D.J.D.:. .%.1..........Cannot create directory: %1.....QHelpCollectionHandler.....>..9.0.Q.1. .%.F.4.'.!. .,./.'.H.D. .A.J. .'.D.E.D.A.Q. .%.1........... Cannot create tables in file %1......QHelpCollectionHandler.....L..9.0.Q.1. .*.

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_help_bg.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10599
Entropy (8bit):	5.192287379770591
Encrypted:	false
SSDEEP:	192:jhYkcd7CYBdmfIOeX3byuJRoZXlBYnEpUYR+BJqO5X9pA2NNrxC0zwRK2nMY762A:a71DQIrLuVCnEtR+DquhN5xC0zwKPYHA
MD5:	5538049DA3A1D1D724AB6E11D2E2EDBE
SHA1:	7256BE390B88A053C0252488C443BE42F6F2D92A
SHA-256:	CBCDD1E0BBAE332D80DDB0A286056F17C824FA28D353D7FDF12FC97D9F6FE054
SHA-512:	DD98CAF3A016968EEDC9106C1839DDECC2D109E9E354708BD74B35E766C6A098C1680C0B867EAD9FCE2E2A6D683BE673B8E5DF1A1B2F1AAFDB31910FF833370F
Malicious:	false
Preview:	<.d....!..`.......bgB...(.(.......0T......5w... S.Uj......`.......a[....(..........t..............39..........&..........B<s...4..M^..........q...J..%..O5^...O..)^...I..o>...I...J..%.......#....t...A.8dz..$..D ....Z.k.N...<.k.N.......n.......I..............2>...p................G..."...w....................7..,................^............$a....<.6.>..........#...K...........$1.W.b....._Xn......GN...*..~....-..TH.."..!.....5.K.H..#R.........pN..."......&..P.~...@.o.....v..(.........."8..~......s.>.....o.... ..z.q..........................O.h....!t..........e....mi..'.....\|.(...@.8.G.8.=.0.B.0. .<.>.6.5. .4.0. .5.,. .G.5. .4.>.:.C.<.5.=.B.0.F.8.O.B.0. .2.A.5. .>.I.5. .A.5. .8.=.4.5.:.A.8.@.0...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.........0.1.5.;.5.6.:.0.:..........Note:.....QCLuceneResultWidget.....,. .5.7.C.;.B.0.B.8. .>.B. .B.J.@.A.5.=.5.B.>..........Search Results.....QCLuceneResultWidget....... .

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_help_ca.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	7444
Entropy (8bit):	4.580794980254807
Encrypted:	false
SSDEEP:	192:G8oS34B7n303D37Bn3Jso37cfp3Mg3H373R58noct36R9RFu:GQU7ETrxZvqTXLSoct36Pzu
MD5:	66722ED97BCBFD3DAE3C8264413859AB
SHA1:	400A93B213FCF9BBC9785881EA82ADB9F444CD6C
SHA-256:	ECD4283A660F2CF72849B323810D7EADD063120B6F561E05AA1243A5B280946A
SHA-512:	B898BAC9652D7532384ED5CC53FA62DB55D516421D13F815A3E6D5E80AD4C69555F1A7E6C51F8B0A234614824EEE01D6731458F90D40A585990F84A58B9ABE44
Malicious:	false
Preview:	<.d....!..`.......caB............%.......0T......K:^.....Uj......`.....P..YJ...V.E.4...*...........>...7........B<s.....B\>...6........+.s.....zq.......9.......vR......@.......@.......:....;.8Z....!.g.N......F................t.....D ....z.k.N.......I......^......`#.......2.......G........N...7......N......{..................K...............GN......NO...5.........K.H...@.........pN......V............q..................>...N.........~.....5..%c...:.z.q....i...4....".A.f.e.g.e.i.x. .u.n. .f.i.l.t.r.e..........Add Filter.....FilterNameDialogClass.......N.o.m. .d.e.l. .f.i.l.t.r.e.:..........Filter Name:.....FilterNameDialogClass.......S.e.n.s.e. .t...t.o.l..........Untitled.....QHelp.....`.N.o. .s.'.h.a. .p.o.g.u.t. .c.o.p.i.a.r. .e.l. .f.i.t.x.e.r. .d.e. .c.o.l...l.e.c.c.i...:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler.....H.N.o. .s.'.h.a. .p.o.g.u.t. .c.r.e.a.r. .e.l. .d.i.r.e.c.t.o.r.i.:. .%.1..........Cannot create directory: %1.....QHelpCollect

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_help_cs.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	15297
Entropy (8bit):	4.708378368926237
Encrypted:	false
SSDEEP:	384:hmv1gdEYEiNrVhTBvAn1ca1f5lwHoJr0vwuxqsP/5jxA:o1gdEvgbloCof9ixqspW
MD5:	ED228F0F60AE9AEC28AB9171D5AE9590
SHA1:	7F061CF0C699D125A5531E3480C21964452F45EA
SHA-256:	4AC56FC63E400943BAB13F1D4C418502138908E1D488C24AEE6131D3D17552AA
SHA-512:	794CC671C08BFC50980820A6389B9D0D3514619AD0A8F18EFD5554CBBF2482192DF00B9D3B05FEE45F42276E63E2375FB28E193930D426245035B4B0E3E14ED8
Malicious:	false
Preview:	<.d....!..`.......cs_CZB...H.(.......(.......0T......0T......5w...0..Uj......`.......a[......a[....$.......p..........t.......t...........!..1"....T.39....T.39.......s...0......(......7/.................B<s...L..MQ......M^../q..........J..6@.0....B.O5Q..'..O5^..(A..)Q...X..)^......o>..........+....J..6.......4....t.....8dz..5..D ....R.D ......k.A.....k.A.....k.N.....k.N.......n.."....I..........................2...21......2>..........d.............T..G...4...w...!N......&O......&....!..".......#E..,...,.......)....Q..$/...^..$................$a......6.>.. t......5...K.......K....)......5E.W.b..-.._Xa..%a._Xn..%...GA......GN...?......,9..~.......TH..3..!......K.H..4h.........pA...J..pN..........7..P.~.. ..o.....0..(....*..(..........3V..~....T.s.1.....s.>..._.o....0..o....1p.z.q..........'9.....#........^.........h....2................Z..e... .i..8J......(.D.o.v.o.d.e.m. .p.r.o. .t.o. .b.y. .m.o.h.l.o. .b...t.,. .~.e. .d.o.k.u.m.e.n.t.a.c.e. .j.e. .s.t...l.e. .j.e.a.t...

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_help_da.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	4795
Entropy (8bit):	4.530246422531362
Encrypted:	false
SSDEEP:	96:X82wNlnKfN1LMFy7LsF3ZqBFZjWo0koBLqBXXjGL0qU7UqB7zoElmP5MUu4DZIHU:XM01f7eOnoB8X2s7Vfg5Mi4beXiOUu
MD5:	1D09BEE1FB55A173F7EB39B9A662A170
SHA1:	C77F0A148262A91679F19689E4790B754D45D5D5
SHA-256:	6BB092552A398687119F6D52145F04BF8373977446D8F00C0DCBD56B96829F0F
SHA-512:	BE5A31A6135E8DB024A8B0EB20C4D8EECBF76861F83FF83B4CA97327DB74AD94BB5D77B4E0A59A33B697C32A4EACD61B8C878951F2C545385C74D99FCE56FEE1
Malicious:	false
Preview:	<.d....!..`.......daB.....%.....m.0T......Uj....V.`....................k.B<s.....B\>..........6.+.s...............t.....D ....\|.k.N...9...I...O..2.......G....B...N...O..............!..K...._..........GN...........@.K.H.............pN..............>.....~.....m..%c.....z.q....i..........U.n.a.v.n.g.i.v.e.t..........Untitled.....QHelp.....D.K.a.n. .i.k.k.e. .k.o.p.i.e.r.e. .s.a.m.l.i.n.g.s.f.i.l.e.n.:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler.....6.K.a.n. .i.k.k.e. .o.p.r.e.t.t.e. .m.a.p.p.e.n.:. .%.1..........Cannot create directory: %1.....QHelpCollectionHandler.....V.K.a.n. .i.k.k.e. .o.p.r.e.t.t.e. .i.n.d.e.k.s.t.a.b.e.l.l.e.r. .i. .f.i.l.e.n. .%.1...........&Cannot create index tables in file %1......QHelpCollectionHandler.....J.K.a.n. .i.k.k.e. .o.p.r.e.t.t.e. .t.a.b.e.l.l.e.r. .i. .f.i.l.e.n. .%.1........... Cannot create tables in file %1......QHelpCollectionHandler.....P.K.a.n. .i.k.k.e. .i.n.d.l...s.e. .s.q.l.i.t.e.-.d.a.t.a.b.a.s.e.-.d.r

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_help_de.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	7570
Entropy (8bit):	4.550982634910665
Encrypted:	false
SSDEEP:	96:8y/gPmmhL/7LlSivP6kBL7jb0RNUzzpld4UGG3Ik18fLP0L7fGc0OeVP8a8hiAwj:1OD7hx/Bv3oNuFX4iqgv34fZsu
MD5:	3B070D169E3381E2FB081172934AAD00
SHA1:	70886EB7EF566B296D0814BD4C2440AC176699D6
SHA-256:	9962523FBAE9F1E4C3B5C3C16860D059291CB30DC5EBE5A5EDA4C836A03FED1E
SHA-512:	271B730B5A7358E923BBBC6FA074A72DA52FA47E3B7726779EF7034200EDA09BF0E1AE4E7B11B59F76805F48DC285F6EFC245EB9C7F4A748BE82B25CEE1DDCAE
Malicious:	false
Preview:	<.d....!..`.......deB..........B.%.....5.0T......K:^.....Uj....?.`.....f..YJ...V.E.4...............>............B<s...z.B\>...\........+.s...Q.zq....C..9....4..vR...B..@.......@.......:......8Z......g.N......F....>...........t.....D ......k.N.......I......^....\|.`#....I..2....<..G....^...N.........................;..........K....y..........GN......NO...........,.K.H.............pN......V...................."..........>.............~........%c.....z.q....i........".F.i.l.t.e.r. .h.i.n.z.u.f...g.e.n..........Add Filter.....FilterNameDialogClass.....".N.a.m.e. .d.e.s. .F.i.l.t.e.r.s.:..........Filter Name:.....FilterNameDialogClass.......O.h.n.e. .T.i.t.e.l..........Untitled.....QHelp.....\.D.i.e. .K.a.t.a.l.o.g.d.a.t.e.i. .k.a.n.n. .n.i.c.h.t. .k.o.p.i.e.r.t. .w.e.r.d.e.n.:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler.....\.D.a.s. .V.e.r.z.e.i.c.h.n.i.s. .k.a.n.n. .n.i.c.h.t. .a.n.g.e.l.e.g.t. .w.e.r.d.e.n.:. .%.1..........Cannot create directory: %

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_help_en.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	16
Entropy (8bit):	4.0
Encrypted:	false
SSDEEP:	3:j2wZC4n:CwZ
MD5:	BCEBCF42735C6849BDECBB77451021DD
SHA1:	4884FD9AF6890647B7AF1AEFA57F38CCA49AD899
SHA-256:	9959B510B15D18937848AD13007E30459D2E993C67E564BADBFC18F935695C85
SHA-512:	F951B511FFB1A6B94B1BCAE9DF26B41B2FF829560583D7C83E70279D1B5304BDE299B3679D863CAD6BB79D0BEDA524FC195B7F054ECF11D2090037526B451B78
Malicious:	false
Preview:	<.d....!..`...

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_help_es.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10704
Entropy (8bit):	4.481291573289571
Encrypted:	false
SSDEEP:	192:q9J9j7e4BQhD0h61nnKz+DJF/45ojDU9V1Wa/rmtIBMH:Wp64ShDnnKz+FhjQpWa/ytoMH
MD5:	9EDF433AB9EE5FC7CF7782370150B26A
SHA1:	A918AE15A0DF187C7789BE8599A80E279F039964
SHA-256:	FD16B279F8CF69077F75E94D90C9C07A2AFFF3948A579E3789F5FFB5E5F4202D
SHA-512:	88245F6FBAAF603A03D7EA2341411AE040791D47C9FF110C6D6CDD8165F0A8BA7A4A0DA5CD543BBE95A4E93FE3A81E95B3664E00C11791FBCB4923E3A80ABC60
Malicious:	false
Preview:	<.d....!..`.......es_ESB...(.(.....7.0T..../.5w... C.Uj......`.......a[....0..........t..............39..........&e.........B<s...D..M^..............J..%p.O5^...I..)^...1..o>.......J..%.......#....t.....8dz..$..D ......k.N.....k.N.......n.......I..............2>....................G...#...w............!.......%..,................^............$a......6.>..........#...K...........$C.W.b....._Xn......GN...\|..~.......TH.."..!.....5.K.H..#f.........pN...j......'..P.~... .o........(....>....."<..~....c.s.>.....o.... ..z.q..........................u.h....!p.......*..e....Qi..'}......(.L.a. .r.a.z...n. .d.e. .e.s.t.o. .p.u.e.d.e. .s.e.r. .q.u.e. .l.a. .d.o.c.u.m.e.n.t.a.c.i...n. .a...n. .e.s.t... .s.i.e.n.d.o. .i.n.d.e.x.a.d.a...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.......N.o.t.a.:..........Note:.....QCLuceneResultWidget.....2.R.e.s.u.l.t.a.d.o.s. .d.e. .l.a. .B...s.q.u.e.d.a..........Search Results.....QCLu

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_help_fr.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10922
Entropy (8bit):	4.459946393010639
Encrypted:	false
SSDEEP:	192:w4BIn67/WsmoB3r6M/eYlSbyE7DnvE7pcn9nPJZe7nOFovzcNn7Uhmio+2/p53I/:w4N19fq3n2c9Bucuhmi52/X3Qpam
MD5:	D520C7F85CC06C66715A2B6622BF0687
SHA1:	47292D068172FBC9DC0D9BE2F479E890A37CE138
SHA-256:	687E351C062F688AAFF6CF05218D6017B80B1A1B4238D1D30250A55EE41C5FED
SHA-512:	736B50BB64751B127300BCAFE88888A9D9A2081CBF934EDCFFEF6CEF0575505AFDF714273A97671ABB598AE3D23C8E55F7DCD632FB0AA219ED5F763768576E04
Malicious:	false
Preview:	<.d....!..`.......fr_FRB...(.(.....y.0T....K.5w...!1.Uj....*.`.......a[............5..t..............39....m.....'W.......S.B<s...d..M^.. ...........J..&`.O5^...+..)^......o>.......J..&.......$....t.....8dz..%..D ......k.N.....k.N...D...n.......I...........c..2>..........M.........G...$...w....K..................,................^............$a......6.>...c......$...K....'......%M.W.b....._Xn...j..GN......~.......TH..#..!.......K.H..$Z......,..pN..........'..P.~.....o........(....h.....#4..~......s.>...M.o....!..z.q...........p......L.........h...."^.......b..e.....i..(W......(.I.l. .e.s.t. .p.o.s.s.i.b.l.e. .q.u.e. .c.e.l.a. .s.o.i.t. .d... .a.u. .f.a.i.t. .q.u.e. .l.a. .d.o.c.u.m.e.n.t.a.t.i.o.n. .e.s.t. .e.n. .c.o.u.r.s. .d.'.i.n.d.e.x.a.t.i.o.n...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.......N.o.t.e. .:..........Note:.....QCLuceneResultWidget.....2.R...s.u.l.t.a.t.s. .d.e. .l.a. .r.e.c.h.e.r.c.h.e.

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_help_gl.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10891
Entropy (8bit):	4.5087667371046205
Encrypted:	false
SSDEEP:	192:Im7gBZHx4hCTNarW6EJDvoIR765f40wqNcMi/8F/Ihon:v0fHccarW6Eh61wqNcMi/Q/won
MD5:	B62C74793741FC386332A59113E8D412
SHA1:	589CE099F2C1D92581B5CF0E17BE49A2BF0014D4
SHA-256:	7399A248609974773F60866C87B78EA7DFBC4F750313D692F7886CD763883C9F
SHA-512:	D8E1A3B3732662BA572A1387651F2625742710834BEDB41809DA47B5D23020AA1B558B64A00C10C605D1844F0544483163F4A6227CAFFA5ECDABF3BBF4E12D9B
Malicious:	false
Preview:	<.d....!..`.......gl_ESB...8.(.......0T......Uj......`.....`.a[....F..........t..............1"... S.39.......s...!.............'F.........B<s...8..MQ.. ...........J..&S.0.....x.O5Q......)Q...O..o>...{.......#...J..&.......$....t.....8dz..%..D ......k.A.....k.A.......n.......I.................."...21....................G...#...w............[...!...?...........Q...?........$a....v.6.>..........$...K...........%0._Xa......GA...n..........~.......TH..#..K.H..$M.........pA...Z......'..P.~...B.o........(..........#+..~......s.1.....o....!..z.q...e.............................. ..e....wi..((......(.A. .r.a.z...n. .d.i.s.t.o. .p.o.d.e. .s.e.r. .q.u.e. .a. .d.o.c.u.m.e.n.t.a.c.i...n. .a...n.d.a. .e.s.t.e.a. .a. .i.n.d.e.x.a.r.s.e...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.......N.o.t.a.:..........Note:.....QCLuceneResultWidget.....*.R.e.s.u.l.t.a.d.o.s. .d.a. .p.r.o.c.u.r.a..........Search Results.....QCLucene

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_help_hu.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10284
Entropy (8bit):	4.674501432335502
Encrypted:	false
SSDEEP:	192:RNY+rCG3e7LBqYqYseBb/FEWBgSn62TdJgDO9esYGY3DtgGh621XlZ/8kWvIMK:4+rheHYYZdBb/pgSn62T/FeVD3DGGh62
MD5:	5A56E9E2ED6ECE3F249D1C2A7EB3B172
SHA1:	D6F079F40FBB813B0293C1D2210BAE7084092FEC
SHA-256:	70F33B569C2942F41C6D634EA6A61CB8D80EB2C7011BAD48EF6DBAE9677960D5
SHA-512:	28947128FC51791CFDBFD3958FAF9B33979DB52C90AE0159EDB01FE6032284EB37BC05187162983A0435560BCEA864B008F499CDB4CE662792599FE20A37972A
Malicious:	false
Preview:	<.d....!..`.......hu_HUB...(.(.......0T......5w......Uj......`.....4.a[....N..........t....".........39..........%..........B<s...8..M^...8..........J..$..O5^......)^...]..o>.......J..$......."N...t.....8dz..#g.D ......k.N...>.k.N.......n.......I..............2>..........a.........G...!...w.......................,................^............$a......6.>.........."...K....m......"..W.b...l._Xn...~..GN......~.......TH..!F.!.......K.H..!..........pN..........%..P.~...<.o........(.......... ...~......s.>...{.o.....c.z.q...K.......v......l.........h.... ........t..e....mi..%.....~.(.E.z. .a.m.i.a.t.t. .l.e.h.e.t.,. .h.o.g.y. .a. .d.o.k.u.m.e.n.t...c.i... .m...g. .i.n.d.e.x.e.l...s. .a.l.a.t.t. .v.a.n...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.......M.e.g.j.e.g.y.z...s.:..........Note:.....QCLuceneResultWidget.....&.K.e.r.e.s...s.i. .e.r.e.d.m...n.y.e.k..........Search Results.....QCLuceneResultWidget.......A

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_help_it.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10612
Entropy (8bit):	4.458970627057882
Encrypted:	false
SSDEEP:	192:nRxcfy71b+myBN16cbc+w45rtlTnzo7uHp3JQJ9cVu4BJ1G82g33vOVrNL/7nEF1:RR4R/fJn9JizTgnqrNL/b0hH2K
MD5:	3639B57B463987F6DB07629253ACD8BF
SHA1:	65935A67C73F19FCF6023FB95030A5ACAF9DA21C
SHA-256:	316FE8D0815E2B4B396895BEB38EF1A40431915B5E054DF80F4C0CD556F26E4B
SHA-512:	AD7CA93D93A69F273CE80BE7F2F477543B9C5F9C7E4D7448223BFF084EA956B626D6837F22D83C5E282688B938F58C29073C4B5C6F26A797F716C14FABF9FFEE
Malicious:	false
Preview:	<.d....!..`.......it_ITB...(.(.....g.0T....y.5w... ..Uj....2.`.......a[............'..t..............39..........&..........B<s...j..M^...h......K...J..%..O5^...K..)^......o>...u...J..%.......#....t.....8dz..$..D ......k.N.....k.N.......n.......I..............2>.................o..G..."...w............-......./..,................^...'........$a......6.>..........#...K...........$..W.b....._Xn......GN......~.......TH.."n.!.....5.K.H..#"......>..pN..........&..P.~.....o.....~..(....p.....!...~....A.s.>.....o.... ..z.q..........................q.h....!0.......*..e....;i..'!......(.L.a. .c.a.u.s.a. .d.i. .c.i... .p.o.t.r.e.b.b.e. .e.s.s.e.r.e. .c.h.e. .l.'.i.n.d.i.c.i.z.z.a.z.i.o.n.e. .d.e.l.l.a. .d.o.c.u.m.e.n.t.a.z.i.o.n.e. ... .a.n.c.o.r.a. .i.n. .c.o.r.s.o...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.......N.o.t.a.:..........Note:.....QCLuceneResultWidget.......R.i.s.u.l.t.a.t.i. .d.e.l.l.a. .r.i.c.e.r.c.

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_help_ja.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	7917
Entropy (8bit):	5.680408580146589
Encrypted:	false
SSDEEP:	192:mP6J37GcBzRjYEPEJJGTnwfJJxb7FTPjzzZBL3/q/I53:mSVqclR5s6Tnwfb7Pj/PL3/q/w3
MD5:	1380A9352C476071BDA5A5D4FED0B6C5
SHA1:	9B737ED05F80FE5D3CD8F588CCEC16BB11DD3560
SHA-256:	AE603B2C0D434D40CDE433FFCBA65F9EE27978A9E19316007BE7FE782A5B8B47
SHA-512:	EC3D68126488C3A163898BACAF7E783217868573635182CAF511ED046B4BE1F99A71FBB24DA607CCB50EDAF70893007AAEE9A6BAAE4C1CD33465A0915AA965DA
Malicious:	false
Preview:	<.d....!..`.......jaB...(.(.....S.0T......5w....'.Uj......`.......a[............u..t............!.39.....................B<s......M^..............J...>.O5^...O..)^......o>.......J...............t...w.8dz.....D ......k.N.....k.N...H...n.......I...........i..2>...<......G......9..G....P..w............i..........,................^..........'.$a......6.>...5..........K............S.W.b...2._Xn......GN...@..~.......TH.....!.......K.H.............pN...........S.P.~.....o.....\|..(..............~....o.s.>.....o.......z.q..................@.........h.....&....... ..e.....i........@.(0.0.0.0.0.0.0n}"_.0nO\b.0L}BN.0W0f0D0j0D0_0.0K0.0W0.0~0[0.0..).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget......l..:..........Note:.....QCLuceneResultWidget......i.}"}Pg...........Search Results.....QCLuceneResultWidget.....R0.0.0.0.0.0.0n}"_.0nO\b.0L}BN.0W0f0D0j0D0_0.0.i.}"}Pg.0LN.[.Qh0jS..`'0L0B0.0~0Y0..........VThe search results may

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_help_ko.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	5708
Entropy (8bit):	5.698914195742074
Encrypted:	false
SSDEEP:	96:elPQHJ6L4c7LaQaFQv2QEhBL+Ejma0W40U0BzlQlcrnUSaTIdspIc18CLRSM3LBY:dHI97W1BbNz1VqqzJpoj5y5uY7OGrWFE
MD5:	CD15674A652C2BF435F7578E119182F8
SHA1:	AEA22E4A0D21396733802C7AB738DDD03737B7D6
SHA-256:	F11C64694E8E34E1D2C46C1A1D15D6BA9F2DB7B61DE4FDF54ECA5AB977C3E052
SHA-512:	88BFA112F4DBC0BFB4013CE0937E5180B4AB4A217FC8A963798C7C86532E794E4A1AD88416AE42F26A1C0631B465A5D69BFE75366E048502F5E21F4115A12F19
Malicious:	false
Preview:	<.d....!..`.......koB............%.......0T......K:^...g.Uj......`........YJ...>.E.4...........z...>..........;.B<s...K.B\>...b........+.s.....zq....[..9....F..vR......@.......@.......:....c.8Z......g.N...7..F....\|...........t.....D ......k.N.......I...m..^......`#....!..2.......G....@...N.................................X..K....{.......i..GN......NO.............K.H..........S..pN...z..V...............................>...........:.~.....i..%c.....z.q....i...s......D.0. .............Add Filter.....FilterNameDialogClass.......D.0. .t...:..........Filter Name:.....FilterNameDialogClass........... ...L..........Untitled.....QHelp.....(...L... ...\|.D. .....`. ... ...L.:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler.....".....0...\|. .... ... ...L.:. .%.1..........Cannot create directory: %1.....QHelpCollectionHandler.....2...\|. .%.1... ...x. .L.t...D. .... ... .................&Cannot create index tables in file %1......QHelpCollectionHandler.....,.

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_help_pl.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	9673
Entropy (8bit):	4.622652249027856
Encrypted:	false
SSDEEP:	192:TO/7kBL9wGu3wtCnlhLJUBB7oph+mZ18LgP:T8QnwcCnlhdvphpZ18LgP
MD5:	2B68446B69D9AA40B273D75A581D2992
SHA1:	8A09BD38998543B74E2673478EDD54FB4BBDD068
SHA-256:	CC6CB4D8C54086224672F2E49E623C8CB7C0C1CD65B8D5ECD42FC9BA3A6065BD
SHA-512:	F3A3D6A416B3411613B06FC3EE56625D4D4DE80087182AB0D0601E49314861ABEF97D11A15B4C0511911544A59FBC4A4A52F0CCF0FD43F763A76A8922D8E57B6
Malicious:	false
Preview:	<.d....!..`.......plB.....(.......0T....T.5w......Uj... R.`.......a[...............t............2.39....H......6.......n.B<s.. ...M^..._......6.O5^...F..)^......o>...............t.....D ......k.N.....k.N.../...n.......I...W..........2>...w................G.......w............&.......:..,................^...(..... ..$a....?.6.>...$..........K......W.b....._Xn......GN...Y..~......!.....*.K.H...E....."...pN...-.........P.~...}.o........(....1..~......s.>......%c.."..o.....r.z.q............................h................e.....i..#.......N.i.e.n.a.z.w.a.n.y..........Untitled.....QHelp.....P.N.i.e. .m.o.\|.n.a. .s.k.o.p.i.o.w.a... .p.l.i.k.u. .z. .k.o.l.e.k.c.j...:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler.....>.N.i.e. .m.o.\|.n.a. .u.t.w.o.r.z.y... .k.a.t.a.l.o.g.u.:. .%.1..........Cannot create directory: %1.....QHelpCollectionHandler.....H.N.i.e. .m.o.\|.n.a. .u.t.w.o.r.z.y... .t.a.b.e.l. .w. .p.l.i.k.u. .%.1........... Cannot create tables in file

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_help_ru.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	7288
Entropy (8bit):	5.297177914619657
Encrypted:	false
SSDEEP:	192:dBJjvfq7D6X68uBAzlp5W9+yBPZZZMM7vL0PXJL:JKrMEL0PXJL
MD5:	794AF445A5D7082D51BD22683449F86D
SHA1:	3A0C369872B112A1572AA17EEB814B168B225D98
SHA-256:	557B644E6DA5F1EC720EF93965617087E4D1F40B2494CC5AA524CF3796108DE7
SHA-512:	D42C870A16AEE7626BBE24886AD423895529A2F1A51AC2DBC303BC0E4EF9D3241FE894ECA3F7217AD408C8DCEE165CA4B89D84570357B0EB80340A3F72B0A846
Malicious:	false
Preview:	<.d....!..`.......ruB..........\.%.......0T......K:^.....Uj....L.`........YJ...X.E.4...............>............B<s.....B\>............+.s.....zq.......9....B..vR...L..@.......@....G..:......8Z......g.N......F....>...........t.....D ....R.k.N...E...I...W..^......`#....s..2.......G....^...N.........................K.......d..K............O..GN...b..NO.............K.H.............pN...P..V....................g..........>.............~........%c.....z.q....i........$...>.1.0.2.;.5.=.8.5. .D.8.;.L.B.@.0..........Add Filter.....FilterNameDialogClass.........<.O. .D.8.;.L.B.@.0.:..........Filter Name:.....FilterNameDialogClass.........5.7.K.<.O.=.=.K.9..........Untitled.....QHelp.....b...5. .C.4.0.;.>.A.L. .A.:.>.?.8.@.>.2.0.B.L. .D.0.9.;. .:.>.;.;.5.:.F.8.8. .A.?.@.0.2.:.8.:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler.....<...5. .C.4.0.;.>.A.L. .A.>.7.4.0.B.L. .:.0.B.0.;.>.3.:. .%.1..........Cannot create directory: %1.....QHelpCollectionHandler.....`

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_help_sk.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10388
Entropy (8bit):	4.70568613551943
Encrypted:	false
SSDEEP:	192:uPq7iBWseXKkVu4+Qv9zEJ1xGMaLNmBgJqdC6/MxIMt:LWcseV04Xv9zEoLNDJqdX/MxRt
MD5:	75C94E59F1FC5312AE25381C247AF992
SHA1:	E3E5F4582CC5FAFE6DF43644D11484861023C084
SHA-256:	F41E33E1D790BD0D3EB180F1F875BC191FE74773628F25C2CAD95E1402E66867
SHA-512:	959B8F4D57FC9728DD4804322333D1792D45A0EE85615B559E0CA3BD2DEA22E2C8C68C6482AE9425D29C819B0ED27473EDDC82EF4B6ECFFB2E2E7B56E1509B63
Malicious:	false
Preview:	<.d....!..`.......sk_SKB...8.(.......0T......Uj......`.....0.a[....8..........t..............1"......39.......s........... .....%..........B<s...6..MQ..............J..$-.0.......O5Q......)Q...;..o>...........G...J..$......."....t.....8dz..#..D ......k.A...2.k.A.......n..._...I.................. ...21..........e.........G...!...w....Y...........!...........=...Q............$a......6.>.........."...K....i......# ._Xa..."..GA..............~.......TH..!{.K.H.."7.........pA..........%..P.~.....o........(..........!...~....u.s.1.....o.......z.q...c..............................f..e....9i..&-......(.D...v.o.d.o.m. .m...~.e. .b.y.e. .t.o.,. .~.e. .d.o.k.u.m.e.n.t...c.i.a. .s.t...l.e. .n.i.e. .j.e. .z.i.n.d.e.x.o.v.a.n.....).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.......P.o.z.n...m.k.a.:..........Note:.....QCLuceneResultWidget.....".V...s.l.e.d.k.y. .h.>.a.d.a.n.i.a..........Search Results.....QCLuceneResultWidg

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_help_sl.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	10363
Entropy (8bit):	4.613473842638716
Encrypted:	false
SSDEEP:	192:vNBqTi7qBCVIQf54EslZ2Jy/L/BnmpP0bX3caK6q1B6/hgIlCCUb0:vjq2+UVT4ESZOYmpP0bX26q1I/yqCCUw
MD5:	3B0AEE27B193A8A563C5CB5C7C4FE60F
SHA1:	C94E832595EC765370553468F87C02DB7E7D138A
SHA-256:	2EC955E662407EBCD8DCDAE5AAA21E4108E0B5B0AEE0E9DB712C27072943535F
SHA-512:	EBC25C378126876F44279E23CA0CF06FC9E7D5F51AD7E3DBDABA7A50C81112EDC1C76F7FD0AF47E447A93C3593BB953A0C9C1FBBFC49494E6B29BF21655F690E
Malicious:	false
Preview:	<.d....!..`.......slB...8.(.....E.0T......Uj......`.......a[............!..t..............1"....;.39.......s....^............$........i.B<s...,..MQ..........}...J..#..0.....Z.O5Q...[..)Q......o>...............J..$I......"W...t...C.8dz..#H.D ......k.A.....k.A.......n.......I.................. P..21....................G...!...w............?...!...3...........Q...+........$a....>.6.>.........."...K...........".._Xa......GA..............~....A..TH..!I.K.H..!..........pA...>......%..P.~...>.o........(....d..... ...~......s.1.....o.......z.q.....................................e....{i..&.....z.(.R.a.z.l.o.g. .j.e. .m.o.r.d.a. .t.o.,. .d.a. .s.e. .d.o.k.u.m.e.n.t.a.c.i.j.o. .a.e. .v.e.d.n.o. .i.n.d.e.k.s.i.r.a...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.......O.p.o.m.b.a.:..........Note:.....QCLuceneResultWidget.....".R.e.z.u.l.t.a.t.i. .i.s.k.a.n.j.a..........Search Results.....QCLuceneResultWidget.......R.e.

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_help_tr.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	4629
Entropy (8bit):	4.68793836539357
Encrypted:	false
SSDEEP:	96:BoiK0UD2wMLb7Lqlguotqbww5BLNwWjK0kHU9zuQlUVUfniqthweEIFwC18lLEGA:PXFf7pU75BWWOpcJcVqDFNz8brgyf76r
MD5:	32D6EE3D8EE6408A03E568B972F93BCB
SHA1:	582EE079DBD42000C378E0701D26405750524DBA
SHA-256:	EBDECA0CFEE7A9441DEB800BABFD97C63BC4E421DA885C55B3BD49725EBACD25
SHA-512:	24AAA30B9CB4DB82A57411FBA24A87D70D8B845AE48A6FDA633D0BE6B824B58FDD2F450C2B385F16F49E2F9C6FA0A3124FD0F28594726940F996C66F8F3216CC
Malicious:	false
Preview:	<.d....!..`.......tr_TRB.....%.....[.0T......Uj......`.....$..............L.B<s.....B\>..........4.+.s...............t.....D ......k.N...5...I......2.......G....5...N..........a...............f..K....9..........GN...........@.K.H..........q..pN...t..........>...z.~...../..%c.....z.q....i..........B.a._.l.1.k.s.1.z..........Untitled.....QHelp.....J.K.o.l.e.k.s.i.y.o.n. .d.o.s.y.a.s.1. .k.o.p.y.a.l.a.n.a.m.1.y.o.r.:. .%.1..........Cannot copy collection file: %1.....QHelpCollectionHandler.....2.D.i.z.i.n. .o.l.u._.t.u.r.u.l.a.m.1.y.o.r.:. .%.1..........Cannot create directory: %1.....QHelpCollectionHandler.....\.%.1. .d.o.s.y.a.s.1.n.d.a. .d.i.z.i.n. .t.a.b.l.o.l.a.r.1. .o.l.u._.t.u.r.u.l.a.m.1.y.o.r...........&Cannot create index tables in file %1......QHelpCollectionHandler.....N.%.1. .d.o.s.y.a.s.1.n.d.a. .t.a.b.l.o.l.a.r. .o.l.u._.t.u.r.u.l.a.m.1.y.o.r........... Cannot create tables in file %1......QHelpCollectionHandler.....P.S.q.l.i.t.e. .v.e.r.i.t.a.b.a.n.1. .s...r...c...

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_help_uk.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	9750
Entropy (8bit):	5.281035122342072
Encrypted:	false
SSDEEP:	192:eMp79BCN+u8hhbHbny+HJouHgei50JBSfDvbetpP/RIkT:eIhgNgBbny+phiS3SfDDetpP/RRT
MD5:	90A776917D534B65942063C319573CDC
SHA1:	5DF3B213D985A3BBDB476B37B7780D7D7DF17E41
SHA-256:	497CFC473684692EE44D7A3795E8FB2270C57069FD9EB98A615DD29AB9BE8A7C
SHA-512:	B34A019716B50CE8E1E20AC32756B3B0D5802971F7A04F4BDDE2418DA551AFB9742B79E934979DB6FAB9DAC05D7D26A3B19ABA77158321F8D9AAB08AEBBD455A
Malicious:	false
Preview:	<.d....!..`.......uk_UAB...(.(.....?.0T......5w......Uj......`.......a[...............t............K.39....u....."..........B<s...8..M^...j......y...J..!..O5^...Y..)^......o>...o...J..":...... <...t...E.8dz..!3.D ....".k.N.....k.N...d...n.......I..............2>...>......o.........G.......w............E.......e..,................^...S........$a......6.>...'...... y..K........... ..W.b....._Xn......GN...p..~.......TH...4.!.....9.K.H.............pN..........#].P.~...~.o.....N..(....b.........~......s.>.....o.....o.z.q..........................U.h.............D..e.....i..#.......(...@.8.G.8.=.>.N. .F.L.>.3.>. .<.>.6.5. .1.C.B.8. .B.5.,. .I.>. .4.>.:.C.<.5.=.B.0.F.V.O. .4.>.A.V. .V.=.4.5.:.A.C.T.B.L.A.O...).........M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget.........@.8.<.V.B.:.0.:..........Note:.....QCLuceneResultWidget.....". .5.7.C.;.L.B.0.B.8. .?.>.H.C.:.C..........Search Results.....QCLuceneResultWidget....... .5.7

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_help_zh_CN.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	6441
Entropy (8bit):	5.790303416386852
Encrypted:	false
SSDEEP:	192:pB37nBD4H5PCyLDxLSzJPduYx9vja/FIgH9yIFqfs:rTZ4HUAD1S1JFe/F59PFqfs
MD5:	9297A6905B8B1823BF7E318D9138A104
SHA1:	3DB992A1B3BBCAF314B7EA4A000D6334D7492A52
SHA-256:	C02AAA20923F18ADDAB520BE5CB84EFD4C723396BDC24B4C9A72D406F101C7B4
SHA-512:	01F12CEE0AE456D78942A6049E1C77F94B406C8FFB4A5944DE15E54D1C760CDBA13279530A8F29B1443D1BBC647D3AF5436AAD8C43EB3944316C48300B3827E4
Malicious:	false
Preview:	<.d....!..`.......zhB......I....L.0T......Uj......`.......a[...............t....P..@....Z.......<.........39.......s....2.................B<s......MQ..........9...J......31.....0.......O5Q......)Q...^..o>...........(...........J...V...........t.....8dz.....D ....Z.k.A.....k.A.......n.......I...........t..w................!...........o.......D...Q...E........$a......6.>...h...............%._Xa......GA..........._..TH...r.........pA.............P.~.....o.....].~.q.............~......o.....h.z.q...........H..0q....................i........2..S.u...y.`.Q.v.S.V.S..f/V.N:..e.hckcW(..}"_.0............M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget......l..............Note:.....QCLuceneResultWidget......d.}"~.g...........Search Results.....QCLuceneResultWidget.....,d.}"~.g.N_..^vN.[.et..V.N:..e.hckcW(..}"_............VThe search results may not be complete since the documentation is still being indexed!.....QCLuceneResultWidget..

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_help_zh_TW.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	9301
Entropy (8bit):	5.80411750798786
Encrypted:	false
SSDEEP:	192:4bgIXwsL78BQp4dRDP0ludqODa/wkB/tTWn5dJ6mO8IZiT9Dzz/wI3HyRWqUqS:lI/oS4dR5c/tTWn5/EZA9D/w+H8WqUqS
MD5:	47C3328D3918CF627112BB6C50E30B86
SHA1:	05705603AB3F28402A6C103E1C41DDFF21D140C0
SHA-256:	3697F1660D7F2AC9B37AC33CD1C7ECAE08ADBD26710E7E0076497CCDDC8BC830
SHA-512:	8DE1C3C5A48965CF6D8AA545DA9F0A5C00AE124F3E4153597915E7C0F4CAE1E26723270F58A47AA9FFA4AAF30E6EBA522D4EBAD27DECF17EF108E353E611980E
Malicious:	false
Preview:	<.d....!..`.......zh_TWB......I....[.%.......0T......0T......Uj......Uj....R.`.....>.a[....................g..t....7..@......................39.......s................... .........B<s.....B<s.....B\>......MQ..........[...J...]..31.....+.s...c.0.....U.O5Q......)Q...C..o>.......................J...............t...3...t.....8dz.....D ....R.D ......k.A.....k.A.....k.N...'...n.......I.......I...........[..2....x..G........N......w................!...........:...........Q...&...............$a......6.>...I.......L.......$..K......................_Xa...y..GA...O..GN...........$..........TH...I.K.H................ Y..pA...K..pN.............P.~.....o.....D.~.q......>.............~......~........%c.. ..o.....!.z.q...........#..0q....................i..!Y....(..g.S..f/V.p.N.W(^.z.e.N.v.}"_.uvN-0............M(The reason for this might be that the documentation is still being indexed.).....QCLuceneResultWidget......P..;............Note:.....QCLuceneResultWidget......d.\.}Pg...........Sea

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_hu.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	146
Entropy (8bit):	3.6255640074603277
Encrypted:	false
SSDEEP:	3:j2wZC4C/IrLlAlHekfK/gp1MUXaMlI+rwtbWlMiayIPldkOgn:CwDrC+TYIUrIRt6HoiHn
MD5:	5A46979B45C67DD6312F33CCEA2ED7BC
SHA1:	4C56836B1FB10D9903B299CBCB925947D515B4C8
SHA-256:	BB246AABD501E14CED8B1FFC1369E3D5D26567AAE62B3EAD4D94C22FB77C3471
SHA-512:	BDBA4E1731CF254E95B0F1337410937C765E96FBB1D42F1D053033E1511FEE6F50C02705F781F4DAA0347E2299DC78A5A9942AC4EA343ED1F8F401F9ACD961E4
Malicious:	false
Preview:	<.d....!..`.......hu....v.....q.t.b.a.s.e._.h.u.....q.t.s.c.r.i.p.t._.h.u.....q.t.m.u.l.t.i.m.e.d.i.a._.h.u... .q.t.x.m.l.p.a.t.t.e.r.n.s._.h.u

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_it.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153
Entropy (8bit):	3.5752972123113778
Encrypted:	false
SSDEEP:	3:j2wZC4C/EbFlAlHeke5zOp1MUWLt7KlI+rwtbWlMj5FKIPldkOA9kk:CwDM+35aIUW5SIRt6Q50oi9Gk
MD5:	2BB8C94D420D3BC344C79A01043BDC89
SHA1:	3FBA773D58E6D3699C20AB41AEE6801E71E2DDAE
SHA-256:	9117AAC2D07BC86DFA55A29B8825ED27C7093300FCC90E143E135E00E85F09D7
SHA-512:	C6B13655AFB206B0056F5656B4A9BF33CC267FCC928F6973258131CFA6443970510226FE45A041E5AA988809E17D0B11C7458F4A241C71521EDED186596C6055
Malicious:	false
Preview:	<.d....!..`.......it....v.....q.t.b.a.s.e._.i.t.....q.t.s.c.r.i.p.t._.i.t.....q.t.m.u.l.t.i.m.e.d.i.a._.i.t... .q.t.x.m.l.p.a.t.t.e.r.n.s._.i.t.......

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_ja.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	146
Entropy (8bit):	3.599979504080125
Encrypted:	false
SSDEEP:	3:j2wZC4C/il/lAlHekd6hY1MUV6JAlI+rwtbWlMgel3UlIPldkOG:Cwz4+pjUGAIRt6qVUloiB
MD5:	8A1EE3433304838CCD0EBE0A825E84D8
SHA1:	2B3476588350C5384E0F9A51FF2E3659E89B4846
SHA-256:	23457CE8E44E233C6F85D56A4EE6A2CECD87C9C7BDDE6D8B8A925902EED1CD9C
SHA-512:	2D8ACD668DF537E98B27161F9FA49828EB2EB6E9CF41DB38E7F5D31F610D150CD1B580A8AE9B472A4DFDE4D4BF983C24A56293BB911CF5879368664E4D4CF3D2
Malicious:	false
Preview:	<.d....!..`.......ja....v.....q.t.b.a.s.e._.j.a.....q.t.s.c.r.i.p.t._.j.a.....q.t.m.u.l.t.i.m.e.d.i.a._.j.a... .q.t.x.m.l.p.a.t.t.e.r.n.s._.j.a

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_ko.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	146
Entropy (8bit):	3.652277257665055
Encrypted:	false
SSDEEP:	3:j2wZC4C/rrr/lAlHekcQ/01MUUQMlI+rwtbWlMhQGlIPldkORn:CwCC+1Q/UUpIRt6SBloimn
MD5:	7B2659AF52B824EAC6C169CDD9467EE9
SHA1:	5727109218B222E3B654A8CC9933E970EB7C2118
SHA-256:	4CC1AF37E771F0A43898849CFF2CD42A820451B8D2B2E88931031629D781DB05
SHA-512:	E9475AC80BDBBEFF54F2724A2B6BA76992F18FD1913FD8EE1540A99FD7A112B79FED5A130B6AC6D7460E4420C06354FC6E4CF7770A7C6CBD3EAC1BDAF0082DE5
Malicious:	false
Preview:	<.d....!..`.......ko....v.....q.t.b.a.s.e._.k.o.....q.t.s.c.r.i.p.t._.k.o.....q.t.m.u.l.t.i.m.e.d.i.a._.k.o... .q.t.x.m.l.p.a.t.t.e.r.n.s._.k.o

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_lt.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	165383
Entropy (8bit):	4.805977227348512
Encrypted:	false
SSDEEP:	1536:i5v3+zmayloj6yJjhnBAbnrKnGrhA7WgdXclIsooY9i:SvOzAloj6yJ9BA7riGr+7WKXc+s5ui
MD5:	8992B652D1499F5D2F12674F3F875A35
SHA1:	E22766A49612F79156C550D83C6C230345DDA433
SHA-256:	47EB5F97467DF769261421D54A5BEA1131C9FB9B6388791D38BB6574335B64BF
SHA-512:	9B8B6DBFF432F2A46C14BC183A6BAF84ACBF02BF2C5BB8C306C6538FBD9BE1C0A9015BD46728F2F652F9163AFC56B1E16D16EB95D8F7728F3C562AE9F4F1AE1E
Malicious:	false
Preview:	<.d....!..`.......ltB..0X.....)C...+...\|......P....@..9....A..9....B..:....C..:....D..;....E..;....F..<6...G..<....H..=)...I..=....P..>q...Q..>....R..?....S..@f...T..@....U..A\...V..B....W..B....X..C....Y..Cy...]..k....t..........t>......th......t.......pd...;..J'...;.._h...;.......;...{...;..J....;...)...M..l....O...R...O...............}..l9...m..lo......^S..(5..P{..+;..4...+;......+;......+O..4...+O......1...^...E@..?p..F...C...H4......HY......H.......I...D...I@..s...IA..t...IC...2..J.......J....Y..J.......J.......K...9...LD...`..L.......PS......R.......T...q...Zr...`..[`......[`..&@..\....e..\....b.._......._....P..1........E..........5........L..1...O...1...PP......7......../...........$.......$.......,.......y.......y..........K^..............x......8................L...E.......E.......E......................%..:....%.........0U.....W......Zo.....^....5.......0..I....0...F...0...\|...0.......0.......0..+\...5...}.......... D...g.. D......+....j..,.......,.......<U...+..<U

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_lv.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	89
Entropy (8bit):	4.156834975253888
Encrypted:	false
SSDEEP:	3:j2wZC4C/HzllldQlHekbxplUp1MUTJ+b:Cwv+DIUEb
MD5:	19F1B919BB531E9E12E7F707BEBD8497
SHA1:	46E82683CEA28D877C73A5CE02F965BB1130FC62
SHA-256:	03467738042A15676E504BA02CB326DCDB773B171FADA3CD62B7A0E0564314A0
SHA-512:	901D7B26CAC7A4D0FFDB39A1D25767B5BC71BED4AFBE788D70BF19D4C58A8295167111675AB45E743FDF4768AF874D69417414C01CF23D5C525A3F6C8BF7D21F
Malicious:	false
Preview:	<.d....!..`.......lv....0.....q.t.b.a.s.e._.l.v.....q.t.s.c.r.i.p.t._.l.v........)....

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_pl.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	161
Entropy (8bit):	3.8693516202048612
Encrypted:	false
SSDEEP:	3:j2wZC4C/5J/p/lAlHekHp/7KlI+rwtbWlM6Tl/z21MUPp/FOlIPldkOjehB:Cwr+26IRt6nFURkloiT
MD5:	D71EA9FEFD97464B178235150EC8759E
SHA1:	61026FE602FD1B8B442A0D341C6BD759EEC75488
SHA-256:	BD7DD0C2CAB119A973DC10C3BFF7499D9728B928B541F86056921B30C8DB78E6
SHA-512:	ECD76A7D8B8D733E635B2BFEA90A4CD387B83D9D8A4EB6D299F59FF22AAA8D617A4C886A825A1CDDD901925C7839E2C18BDD4E0CD84152641922B66B62663F77
Malicious:	false
Preview:	<.d....!..`.......pl....v.....q.t.b.a.s.e._.p.l.....q.t.m.u.l.t.i.m.e.d.i.a._.p.l.....q.t.s.c.r.i.p.t._.p.l... .q.t.x.m.l.p.a.t.t.e.r.n.s._.p.l............,..

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_pt.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	70334
Entropy (8bit):	4.732724622610353
Encrypted:	false
SSDEEP:	768:OKGUuWW+WHjS0gMBd483+Y7bDPs4RHBloLUIltlzAJnx4nnliM1OPlOibLG:JGUuWPuSgm0Jn+n4Mhj
MD5:	6656500F7A28EF820AE9F97FD47FB5BB
SHA1:	CC112B9C9513BCF7497F3417168B4C8A9F7640A9
SHA-256:	2C1E7BBF5168A64B43752DD4C547601C0BDE6D610F8671FA3E3AF38597E84783
SHA-512:	5C3CBFCF86AF6B4D949C1D914CD379E512E73BA350AF661033A386EE7FB981FBFCB43D9A35FDE7656E17BB09F64F1469F84867A780573C3359D645269461D5A6
Malicious:	false
Preview:	<.d....!..`.......pt_PTB...(......9...+...e...]..6....;.......;..-....;..;`...;..};...;.......M..6....O... ...O...w...........}..7....m..7B..........+;......+;..8S..+;..>...+O......+O..8#..H4......H.......J......K.......LD...)..L....}..PS...l..Zr...B..[`...;..[`.....\...kU.._......._.......1...?...............8...............E............,..................p........0...............v...........%...O...%..G........4...0.......0..:....0..y....0..\|....0.......0...X...5.......5...... D..=... D..Kn..+....L..,...>...,......<U..z...<U......<.......F...>...F.......H5...4..H5..=...H5..K...H5......f....p..f...1...f...;...f...I...f...\|H..f.......f.......l....................b......<...............>.......L ...........`......`..._.......A......2....e...g...e..>D...e..LW................y...,..y......y..o...y......T..L...0..'..*.0....+F...y..+F......+f......+f...C..+.z..0..+.....d.+....p0.+.....R.+.z..0U.+.....u.+....8..+....Ct.+....L..+....y..+.....Z.+......+...pc.+.....+....0..

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_ru.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	164
Entropy (8bit):	3.984562388316898
Encrypted:	false
SSDEEP:	3:j2wZC4C/oZlAlHekF8Op1MUNKJKlI+rwtbWlM4KKIPldkOSxRMugB:CwY+GIUgcIRt61oihM3
MD5:	F7A8C75408B9A34A2B185E76F51B7B85
SHA1:	065E987139C5FB809A6F9CDF3845BCD79707FDBB
SHA-256:	6492B267608C6FB76907BD8FCFC8F1EF57E9F4EBBC2E81ACA81715A88388F94A
SHA-512:	E768C5B438EC899801B22B1325F2244ACCC5E7C2EC5D270F510BC3CBC2D9A0536949C026DB7FB5862835E506A9F2020DEB2CC4001E7011FF974324542734F855
Malicious:	false
Preview:	<.d....!..`.......ru....v.....q.t.b.a.s.e._.r.u.....q.t.s.c.r.i.p.t._.r.u.....q.t.m.u.l.t.i.m.e.d.i.a._.r.u... .q.t.x.m.l.p.a.t.t.e.r.n.s._.r.u........)......,..

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_sk.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	157
Entropy (8bit):	3.7731953311404336
Encrypted:	false
SSDEEP:	3:j2wZC4C/3xRlAlHekE8lgp1MUM8lMlI+rwtbWlM5UllyIPldkOfll6kchn:CwS0+t8CIUM86IRt6KUlsoi2CVh
MD5:	24C179481B5EF574F33E983A62A34D53
SHA1:	0A67F1ED8CA4A5182F504806F8D47D499789F2D2
SHA-256:	B6ADFFD889FF96BF195CB997327E7D7005A815CAD67823FA6915A19C2D9BB668
SHA-512:	4757F3693120DAB2FBB7BCF1734EA20B3E3D9056B4B4E934A3129D660CFDC6C58B230459DB55912AF24AD5692BD221830BE0FF91E41D3EECD9439E79AC23FFE6
Malicious:	false
Preview:	<.d....!..`.......sk....v.....q.t.b.a.s.e._.s.k.....q.t.s.c.r.i.p.t._.s.k.....q.t.m.u.l.t.i.m.e.d.i.a._.s.k... .q.t.x.m.l.p.a.t.t.e.r.n.s._.s.k...........

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_sl.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	228428
Entropy (8bit):	4.726953418955661
Encrypted:	false
SSDEEP:	3072:9zQH0hOtgmiAZu0eeAEv+v49JnnSmICgr3n7jhCQUeinqyU5UggtRLGrQ2LZO+Y1:RpUsSpGr36wsR
MD5:	D35A0FE35476BE8BD149CEE46E42B5E9
SHA1:	9F3C85C115A283E5230D1EEAD84C8CB73A71FA03
SHA-256:	C44E0313A9414CC0E490B65B0C036FA11BCA959353B228886547BC2C8492034F
SHA-512:	BEEB1751882AF081E80BE93F7464D4C6322B724EFA2CBD3E1CBE709181D380C1C57E770FA962BB706D6FCF4A8CB393E3F6E187C1F604F8CEEFB201CA3200BD1C
Malicious:	false
Preview:	<.d....!..`.......slB..<....*.......+.......@...C...A.......B...<...C.......D...2...E.......F...d...G.......H...W...I.......P.......Q.......R.......S...x...T.......U...n...V...%...W.......X.......Y.......]..g~...t...V.......f..................................;..G....;..[....;...q...;..ia...;... ...M..g....O.......O.......[..,e...........}..g....m..h........Q..(5......+;..2...+;...b..+;...i..+O..2...+O...4..1......E@......F.......H4......HY...%..H.......I.......I@......IA...9..IC......J...6...J.......J.......J...^...K...7...LD......L....n..PS...U..R.......T....=..Zr......[`...V..[`......\...!,..\...8U.._..."b.._.../h..1.......E...9......4...............5........e...................$...<...$..Z....[.......,.......y...L...y..].......H.......@.......J.......6........~..........E...O...E..+....E...~..............,1...%..8r...%...........^..............................5.......0..Gx...0.......0..P....0..h....0.......0.......5...^.......... D...... D......+....`..,.......,...-...<U

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_sv.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	65851
Entropy (8bit):	4.7906769989650515
Encrypted:	false
SSDEEP:	1536:4u6DkpgyKmRmG15mGM6iFPi6Q/qTlOQZY2dKN8gKw:4u6DotUG1sGMZPi6Q/qTlO2Y2YKw
MD5:	0E85E0E0E7DDFE3D4BDE302F27047F9C
SHA1:	AE59348E0C2E4F86F99DA6CF5DAB3B7E92504B7C
SHA-256:	4B4B6FF7FD237C9DA0301B4946132E68653D15EB5FAF38E4C5FBFEBB12DD97F7
SHA-512:	8CAAB6C61E9FA26A3A289A9E4DC515D157B3092D6D4ED43861220261BD2B7CC79B35B52F9ADE4EF558B5385B37EAC14575420DD55C475F435BB95B6C1E2561B6
Malicious:	false
Preview:	<.d....!..`...B..............+...i...]..6....;.......;..-f...;..:;...;..t....;.......M..64...O.......O...........q...}..6\...m..6........(..+;......+;..7...+;..=...+O......+O..7c..H4......H.......J.......K....F..LD...+..L.......PS...N..Zr......[`...7..[`...N..\...h4.._....J.._....k..1...>...............7........}......D............,.................i....................................%.......%..Fc.......6...0.......0..9....0..q....0..t....0.......0.......5.......5...... D..<}.. D..I...+.......,...=X..,.......<U..r...<U...n..<.......F...=...F....F..H5......H5..<...H5..J4..H5......f.......f...1V..f...:f..f...H;..f...t&..f.......f.......l..................8......;z..............<.......Je.......6...`...&...`...!.......9......1....e.......e..=....e..J..............g...y......y.../..y..h...y......T..J...0..'[..0...K.+F...q..+F.....+f......+f...A..+.z../..+.......+....i`.+.....X.+.z../..+.....S.+....7..+....Bi.+....K..+....q..+.......+......+...i..+.....+....0..F0i.....G.

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_tr.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	110
Entropy (8bit):	3.630483009136986
Encrypted:	false
SSDEEP:	3:j2wZC4C/7zl9lAlHekDN/01MULV4LlI+rwtbWlM+N:Cw5+wUGRIRt6n
MD5:	16CDF5B9D48B0F795D532A0D07F5C3A0
SHA1:	6E403C9096B3051973E2B681DFEBBC8DD024830D
SHA-256:	F574A2CFD4715885C3DBDF5AE60995252673BD94FDAA9586F7E0586F6C1AC0EE
SHA-512:	36A0431368010157EA8A45DCB00458076CCFFC08B37E443DEBD1AAD4A30C6080803337725A7A3DCBF2B410DC7BE89CEAF6C07C46F876E4EF5B08159E3BF38E6D
Malicious:	false
Preview:	<.d....!..`.......tr....R.....q.t.b.a.s.e._.t.r.....q.t.s.c.r.i.p.t._.t.r.....q.t.m.u.l.t.i.m.e.d.i.a._.t.r

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_uk.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	164
Entropy (8bit):	4.021402900389864
Encrypted:	false
SSDEEP:	3:j2wZC4C/ZlRlAlHekCczOp1MUKUt7KlI+rwtbWlM/cFKIPldkONRMugB:CwUl0+rjIUKUcIRt6M/oioM3
MD5:	9B101363343847FE42167183320C03F0
SHA1:	F0DF2CFF913E588B7CADFDABBF69F4F632B2F96A
SHA-256:	F1621E680E1642F9463E4B07E7E78B50F9A7BDB7C321D7302039CB3405CBDEA4
SHA-512:	DA14FDF8DB514902733CAAC492293873351C595EBBE0ACB0849BECE24AB822602EE64D01051F1426CD1FC13A95D8607302CF9B515D9806FDD3BD047087DE447C
Malicious:	false
Preview:	<.d....!..`.......uk....v.....q.t.b.a.s.e._.u.k.....q.t.s.c.r.i.p.t._.u.k.....q.t.m.u.l.t.i.m.e.d.i.a._.u.k... .q.t.x.m.l.p.a.t.t.e.r.n.s._.u.k........)......,..

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_zh_CN.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	117347
Entropy (8bit):	5.8593733369029195
Encrypted:	false
SSDEEP:	1536:51dXW89nqEFu54aekvRzHHSVuf8j2+/xc3lhnbsfdAoz/w:v9qEFeLekvRznSVHJG3lhn+djY
MD5:	0D02F0DE5A12BCB338B7042DFBDAACF3
SHA1:	B7C10D249D8986AD8C6939B370407D07227A39F5
SHA-256:	28CDE75D7B32C81FEF1D4630C37B79A61DEC24B357632FF00D6365A57D8BE43B
SHA-512:	21F02EBA36B4411921EA3C70310B8E454E8FC2B8F09957FD6A63B71689DC381F7A5E2C3BDF2810734D659AB43D8A7BD46EF6436ECC52F75C71B5F5C313365444
Malicious:	false
Preview:	<.d....!..`.......zhB..+...........+.......@.......A...8...B.......C.......D.......E...V...F.......G...L...H.......I...9...P.......Q...e...R...^...S.......T...T...U.......V...\|...W.......X...o...Y.......]..4 ...;...2...;..,....;..8....;.......;.......M..4H...O.......O...........#...}..4p...m..4........N..(5......+;...f..+;..6Y..+;..<...+O...8..+O..6'..1......E@......F....Y..H4..."..HY..J...H.......I.......J.......J.......K....5..LD..._..L......PS...V..Q....6..R...N...W..../..Zr.....[`.....[`......\...lU.._......._....L..1...<........j......6...............B........I...$..K....$.......,...g...y...3.......A......r...........................9..L7......;w...E..5b...E...G.......5...%.......%..D........`..............................0.......0..8W...0..}y...0...6...0.......0.......5.......5...... D..:... D..J...+....R..,...;...,......<U..~...<U......<......F...;...F......H5...i..H5..:...H5..Jk..H5...w..VE...[..f....u..f...0X..f...9...f...E...f.......f.......f....j..g....A..l.

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qt_zh_TW.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	141
Entropy (8bit):	3.7198292994386235
Encrypted:	false
SSDEEP:	3:j2wZC4C/0N6xg/Rl/gl+kNXDelHrwtbWlMwTolIPldkOfDn:CwOO2+g6Mt63oloiUn
MD5:	ED4135D705AEF3D97F8BF6B8FF11F09C
SHA1:	308E2B8F74B863A61AD0B68F4A18ED06965EBEAA
SHA-256:	751ECDA0C33E061D91241268357FBD2F6B7F70A1116E714F28D22EFD61EC7A1A
SHA-512:	B6E6D00553A9C427130129B9D30E862028E549F372A832F0F05747C8E2A79E443F4932EC3AE177537C8BA00D26B5B6CB97D5B35426AB5229F6A468CA485BE0B1
Malicious:	false
Preview:	<.d....!..`.......zh_TW....n.....q.t.b.a.s.e._.z.h._.T.W...$.q.t.m.u.l.t.i.m.e.d.i.a._.z.h._.T.W...&.q.t.x.m.l.p.a.t.t.e.r.n.s._.z.h._.T.W

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qtbase_ar.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	160017
Entropy (8bit):	5.35627970915292
Encrypted:	false
SSDEEP:	1536:XGlAMfkX1M0RdaCkR8lfv8vtc8EFrVYA2I4AJZWEWgHg1C8COvzHKHC6Jp9NV0V7:XUr0RACkIwDEpV1Lgf1ubtw3Bb
MD5:	A7E4D0BA0FC5DF07F62CC66EC9878979
SHA1:	21FD131B23BDD1BBA7BBB86F3ED5C83876F45638
SHA-256:	E03FE68D83201543698FD7FE267DD5DFC5BFD195147E74FF2F19AC3491401263
SHA-512:	D9E6B10506FCF20B5B783F011908083D9DF6C5DF88E21B10D07F53A01AD6506A4B921C85335A25BAE54E27BAD7D01B6E240D58FDEEAABC7FF32014EC120C2ECF
Malicious:	false
Preview:	<.d....!..`.......arB..2....*.......+.......@.......A.......B..._...C......D.......E......F.......G... ...H...D...I...h...P...C...Q...g...R......S.......T.......U.......V...x...W......X.......Y.......]..'=...s......t...........]...........;..'....;..(....;.......;.......M..'e...O.......O...9...........}..'........C...=......m..'....t..........!o..(5...Z..+;..5u..+;..c...+O......1...!...D@...8..E@.....H4...,..HY..QI..H.......IC......J....1..J.......J.......LD......L.......PS......QR...R..R...V2..T.......U....]..X.......Zr.....[`......\....t..]x......_......._.......yg......1...6....E..8V..............C............................$..RN...[...0...,.......y.......y...................K...........9..R....E.."............z.......................%..F;...D...[..................................!....5.......0...I...0.......0...5...0..#....5.......5...p..............W}.. D..(... D..P=..+.......<U......<U......<.......H5..(...H5..P...L.......VE......VE......V....B..f...JJ..f.......f.

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qtbase_bg.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	165337
Entropy (8bit):	5.332219158085151
Encrypted:	false
SSDEEP:	1536:9ULiyUxPoT6qx+J7FJlaaMJnxjqxq+0Uiff0mbVeb7wiEwYuYqDKBkKHMXHCIMll:9ULpIVFnpwUiEujw27ncUQUz
MD5:	660413AD666A6B31A1ACF8F216781D6E
SHA1:	654409CDF3F551555957D3DBCF8D6A0D8F03A6C5
SHA-256:	E448AC9E3F16C29EB27AF3012EFE21052DAA78FABFB34CD6DFF2F69EE3BD3CDB
SHA-512:	C6AE4B784C3D302D7EC6B9CE7B27DDAF00713ADF233F1246CD0475697A59C84D6A86BAA1005283B1F89FCC0835FD131E5CF07B3534B66A0A0AA6AC6356006B8F
Malicious:	false
Preview:	<.d....!..`.......bg_BGB../......,....+..."...@...]...A.......B.......C.......D...P...E...!...F.......G.......H.......I.......P.......Q.......R...A...S...e...T.......U.......V.......W...1...X...U...Y...y...]..,....s...,...t...................P...;..+....;..-E...;..!....;..+....M..,Y...O...,...O..............}..,............=...Q...m..,....t...\|......>...(5..1...+;..<...+;..o...+O...r..1...>...D@......E@......H4......HY..[...H.......IC......J....E..J....X..J.......LD......L....L..PS......QR.."...R...`...T....X..U.......X.......Zr...q..[`...`..\.......]x......_......._....T..yg.....1...=....E..?...............L(.......(...............'...$..\....[.......,...I...y...!...y...................S...........9..]%...E..5p...........z..!q...................%..O....D..................D.....8......:......?....5...&...0.......0.. ....0...c...0..5....5.......5..................b:.. D..-... D..Z...+.......<U......<U...0..<.......H5..-...H5..[...L.......VE..#a..VE..;...V.......f...T...f...!..

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qtbase_ca.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	210159
Entropy (8bit):	4.666388181115542
Encrypted:	false
SSDEEP:	3072:P/DVhdlafzvZfeW+6kXEVjSVPzC3ceKdP2:xYf7UW+WjwP2
MD5:	B383F6D4B9EEA51C065E73ECB95BBD23
SHA1:	DD6C2C4B4888B0D14CEBFC86F471D0FC9B07FE42
SHA-256:	52E94FCC9490889B55812C5433D009B44BDC2DC3170EB55B1AF444EF4AAE1D7F
SHA-512:	9401940A170E22CE6515E3C1453C563D93869A3C3686C859491A1F8795520B61BF3F0BFE4687A7380C0CC0C75E25559354FDB5CEF916AF4C5B6CD9661464A54A
Malicious:	false
Preview:	<.d....!..`.......caB..7....*.......+.../...@..:P...A..:t...B..:....C..:....D..;=...E..<....F..<Z...G..<~...H..<....I..<....P..>....Q..>....R..?....S..?R...T..?v...U..?....V..?....W..@....X..@<...Y..@`...]../....s..1....t..........2s......#p...;.......;../....;..W....;..e+...M../3...O.......O..9.......J....}../]......8....=..9....m../....t..9Y.......S..(5..lB..+;.._...+;...=..+O..U...1.......D@..:...E@..?...H4...J..HY..~...H..."...IC...0..J....W..J....0..J.......LD..!...L...!f..PS..)...QR.."...R.......T...9~..U...9...U...z...X...>...Zr..E...[`...e..\...LD..]x..7U.._......._...M...yg..f...1...a....E..c....7.........U.......p........b.......4.......K...$.......[.......,.......y.......y...................^...........9...:...E...s...... (...z..":.......d......!....%..tQ...D.."......."......2......ve.....y...........5..#H...0...\...0..W+...0..';...0.......5..(....5..........)s.......... D..0w.. D..}...+...1...<?..5x..<U......<U..5...<...6@..H5..0...H5..~...L...9...VE..$...V...SV..f.

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qtbase_cs.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	174701
Entropy (8bit):	4.87192387061682
Encrypted:	false
SSDEEP:	3072:5WjuhX0CVRaakGjW9E8SSOQfX/JlwVOMxrboRPqWxXfQvO7zjBf:5iFGj1QfXr8Gd
MD5:	C57D0DE9D8458A5BEB2114E47B0FDE47
SHA1:	3A0E777539C51BB65EE76B8E1D8DCE4386CBC886
SHA-256:	03028B42DF5479270371E4C3BDC7DF2F56CBBE6DDA956A2864AC6F6415861FE8
SHA-512:	F7970C132064407752C3D42705376FE04FACAFD2CFE1021E615182555F7BA82E7970EDF5D14359F9D5CA69D4D570AA9DDC46D48CE787CFF13D305341A3E4AF79
Malicious:	false
Preview:	<.d....!..`.......cs_CZB..3p.....F....+.......@..!....@..Ef...A..!....A..E....B.."1...B..E....C.."U...C..E....D.."....D..F....E..#p...E..F)...F..#....F..FP...G..#....G..Fw...H..$....H..F....I..$6...I..F....P..&%...P..Gr...Q..&I...Q..G....R..&....R..G....S..&....S..H....T..&....T..H8...U..'....U..H_...V..'Z...V..H....W..'~...W..H....X..'....X..H....Y..'....Y..H....]..,....]..,....s.......t...9..................;.......;..+....;..1B...;......;..?x...;..N....;..iY...;..s3...M..,B...M..,....O.......O...w...O..rr...........}..,j...}..-....... 5...=.. ....m..,....m..-8...t.. .......ay..(5..TT..+;...A..+;..B...+;..u...+O......+O..=a..1...a...D@.."...E@..&m..E@..G...F...J...H4...=..HY..`...H.......I...J...IC......J....-..J.......J.......LD......L....(..PS.....QR.."S..R...e...T.... ..U......X.......Zr...g..[`......\......]x......_......._......._...v...yg......1...C....E..E...............=.......Q........................s...$..a....[.......,.......y.......y...y..............G..........

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qtbase_da.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	181387
Entropy (8bit):	4.755193800761075
Encrypted:	false
SSDEEP:	3072:XzswP2UvZ5aZ9jFTkmq/gnBNW/+PcWrqm2Vliz0DGdaS4KSLZjwTTgwUR0toT:j3m27AjCT
MD5:	859CE522A233AF31ED8D32822DA7755B
SHA1:	70B19B2A6914DA7D629F577F8987553713CD5D3F
SHA-256:	7D1E5CA3310B54D104C19BF2ABD402B38E584E87039A70E153C4A9AF74B25C22
SHA-512:	F9FAA5A19C2FD99CCD03151B7BE5DDA613E9C69678C028CDF678ADB176C23C7DE9EB846CF915BC3CC67ABD5D62D9CD483A5F47A57D5E6BB2F2053563D62E1EF5
Malicious:	false
Preview:	<.d....!..`.......daB..4......h....+......@...f...A.......B.......C.......D...U...E.......F...v...G.......H.......I.......P.......Q.......R...6...S...Z...T...~...U.......V.......W..."...X...F...Y...j...]..+....s.......t..................-...;..+....;..,....;../....;..;....M..+....O.......O...r...........}..,............=...8...m..,0...t...c......T...(5..B...+;..NH..+;..~H..+O..,...1...UP..D@......E@......H4...E..HY..j...H.......IC...#..J....J..J.......J.......LD......L....1..PS...B..QR......R...o...T.......U.......X.......Zr......[`...W..\....}..]x...[.._....-.._.......yg...e..1...O....E..R....7..........-!......]............................$..k....[...7...,.......y...c...y.................j4...........9..l8...E..p............z...;..................%..a....D...~.............-.....L......OH.....Uz...5.......0.......0...U...0.......0..p....5...7...5..L$..............p... D..-... D..i...+....@..<U.....<U.....<....S..H5..-2..H5..j$..L....B..VE.. ...VE..P...V......f...e...f.

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qtbase_de.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	220467
Entropy (8bit):	4.626295310482312
Encrypted:	false
SSDEEP:	3072:7w8go8+ph6JVB8XVXYWpSNEeg8+vaD+p4N8DDiEKugwGZulh15ce4M+4NsPYXCZW:88h8Sj286tTiDD
MD5:	40760A3456C9C8ABE6EA90336AF5DA01
SHA1:	B249AA1CBF8C2636CE57EB4932D53492E4CE36AC
SHA-256:	553C046835DB9ADEF15954FA9A576625366BA8BFD16637038C4BCD28E5EBACE1
SHA-512:	068E55F39B5250CC937E4B2BD627873132D201D351B9351BE703CD9B95D3BAFB4BD649CB4DF120A976D7C156DA679758D952CAC5E0523107244E517D323BC0C5
Malicious:	false
Preview:	<.d....!..`.......de_DEB..7....*.......+..3....@..R....A..R....B..S....C..S@...D..S....E..T]...F..T....G..T....H..T....I..U#...P..W....Q..W6...R..W....S..W....T..W....U..W....V..XG...W..Xk...X..X....Y..X....]..2%...s..J$...t..9R......J.......B....;..1....;..3....;..q....;.......M..2O...O.......O..X@......ia...}..2y......Q....=..Q....m..2....t..Q...........(5......+;..ev..+;......+O..oh..1....4..D@..R...E@..WZ..H4..4...HY...[..H...AY..IC..>o..J...>...J.......J...>6..LD..@A..L...@...PS..I...QR..#...R....h..T...W...U...Xh..U....~..X...]...Zr..e(..[`..)...\...j...]x..O..._....K.._...lI..yg...U..1...f....E..i....7..........o.......wG......6.......6.......8....$...n...[..8....,..9....y.......y..=................3......>....9.......E..."......?_...z..#d.......0......A%...%..z....D..A.......B......KP......2.............^...5..B....0.......0..p....0..F....0...}...5..G....5..........H........... D..3}.. D...O..+...Q...<?..Ti..<U......<U..T...<...U)..H5..3...H5......L...X...VE..%j..V...l..

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qtbase_en.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	16
Entropy (8bit):	4.0
Encrypted:	false
SSDEEP:	3:j2wZC4n:CwZ
MD5:	BCEBCF42735C6849BDECBB77451021DD
SHA1:	4884FD9AF6890647B7AF1AEFA57F38CCA49AD899
SHA-256:	9959B510B15D18937848AD13007E30459D2E993C67E564BADBFC18F935695C85
SHA-512:	F951B511FFB1A6B94B1BCAE9DF26B41B2FF829560583D7C83E70279D1B5304BDE299B3679D863CAD6BB79D0BEDA524FC195B7F054ECF11D2090037526B451B78
Malicious:	false
Preview:	<.d....!..`...

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qtbase_es.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	165170
Entropy (8bit):	4.679910767547088
Encrypted:	false
SSDEEP:	1536:JVwzuvb+Ta64KQd84arHX5pxiVhA8QlOD/BnFNa8NsvsfFsfcoZtIx6F:JVwSTG4KqVaLX5pEVK7OJFczstgRtIx8
MD5:	C7C58A6D683797BFDD3EF676A37E2A40
SHA1:	809E580CDBF2FFDA10C77F8BE9BAC081978C102B
SHA-256:	4FFDA56BA3BB5414AB0482D1DDE64A6F226E3488F6B7F3F11A150E01F53FA4C8
SHA-512:	C5AED1A1AA13B8E794C83739B7FDDEAFD96785655C287993469F39607C8B9B0D2D8D222ECD1C13CF8445E623B195192F64DE373A8FB6FE43743BAF50E153CDA5
Malicious:	false
Preview:	<.d....!..`.......es_ESB../......,...+...y...@.......A.......B.......C.......D...v...E...=...F.......G.......H.......I.......P.......Q... ...R...k...S.......T.......U.......V...1...W...U...X...y...Y.......]..+....s.......t...................c...;..+....;..,....;...%...;..#....;..-....M..+....O.......O...............}..,............=...]...m..,/...t..........A...(5..3...+;..<...+;..o...+O..!b..1...Ap..D@......E@...D..H4...-..HY..[F..H.......IC...%..J....L..J.......J.......LD......L....O..PS......QR..!...R...`K..T.......U....&..X.......Zr.....[`...h..\......]x...\|.._....Y.._....A..yg......1...=....E..?a......!.......K........G...............R...$..\Q...[.......,...z...y.......y..................+............9..\....E..2............z.. ....................%..ON...D........................:......=B.....A....5...7...0.......0......0.."....0...,...0..3....5...}...5...Y..............a... D..-!.. D..Z6..+....0..<U...h..<U......<.......H5..-M..H5..Z...L.......VE.."...VE..>...V......

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qtbase_fi.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	179941
Entropy (8bit):	4.720938209922096
Encrypted:	false
SSDEEP:	3072:lvdTgO2Yl97ZWnbgTLt/Tf9IlqAeiy5uWkYGM0wNCdRjSK2YUlUs:lvdkA9vh5uWkY0MK2YXs
MD5:	8472CF0BF6C659177AD45AA9E3A3247C
SHA1:	7B5313CDA126BB7863001499FB66FB1B56C255FC
SHA-256:	E47FE13713E184D07FA4495DDE0C589B0E8F562E91574A3558A9363443A4FA72
SHA-512:	DE36A1F033BD7A4D6475681EDC93CC7B0B5DCB6A7051831F2EE6F397C971B843E1C10B66C4FB2EFF2A23DC07433E80FBF7B95E62C5B93E121AB5AD88354D9CB8
Malicious:	false
Preview:	<.d....!..`.......fiB..38.....ct...+......@.......A.......B.......C...@...D.......E...]...F.......G.......H.......I...#...P.......Q...6...R.......S.......T.......U.......V...G...W...k...X.......Y.......]......s...T...t.......................;......;..+....;..&....;..3....M..+!...O.......O...e...........}..+K...........=.......m..+w...t..........J...(5..9...+;..:y..+;..mW..+O..$...1...KY..D@......E@...Z..H4...l..HY..X&..H.......IC......J.......J...."..J......LD.....L.......PS...'..QR.. L..R...]...T.......U.......X.......Zr......[`......\.......]x......_....k.._....>..yg.. /..1...;....E..>....7..{(......%.......J........T.......&.......U...$..Y[...[......,...s...y.......y...a.......}......d...........9..Y....E..k'...........z...........V..........%..M....D...Q.......{......d.....A......E......K....5.......0.......0..&J...0.......0..k....5......5..I9.............._:.. D..,O.. D..W...+....9..<U...G..<U...*..<.......H5..,y..H5..W...H5......L....5..VE..!u..VE..E...V..."{..f.

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qtbase_fr.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	166167
Entropy (8bit):	4.685212271435657
Encrypted:	false
SSDEEP:	1536:CLZ1w8McowCppcPwL5pYFw+G00QsbLckCiWxvq+sjs06oFm:C91wxcowspc4L5pUw+cz39CiQ7tloFm
MD5:	1F41FF5D3A781908A481C07B35998729
SHA1:	ECF3B3156FFE14569ECDF805CF3BE12F29681261
SHA-256:	EDB32A933CEF376A2636634E14E2977CED6284E4AA9A4AC7E2292F9CA54C384A
SHA-512:	A492E8AC88095A38A13549C18C68E1F61C7054AB9362C2B04C65B93E48E4A07941C8DA6950BAE79041094623E0ED330CA975110FDE8248B4D9380B9F729AD891
Malicious:	false
Preview:	<.d....!..`.......fr_FRB../....*..-....+.......@.......A.......B.......C...?...D.......E...\...F.......G.......H.......I..."...P.......Q...5...R.......S.......T.......U.......V...F...W...j...X.......Y.......]..+....s...=...t.......................;..+....;..,....;.......;..$b...;.......M..,....O.......O...5...........}..,3...........=.......m..,]...t..........A...(5..5j..+;..<T..+;..o...+O.."+..1...B\..D@......E@...Y..H4...8..HY..[{..H.......IC......J.......J.......J.......LD...\|..L.......PS...?..QR..!...R...`j..T.......U....[..X.......Zr.....[`...)..\......]x......_....7.._.......yg...i..1...=Q...E..?@......"Y......K............................$..\....[...^...,...'...y.......y...+.......o....../c.......Y...9..\....E..6(...........z..!................j...%..OC...D...+.......[......a.....;......>......B....5.......0.......0...m...0..#....0.......0..6....5.......5..................a... D..-Y.. D..Ze..+....]..<U...;..<U......<.......H5..-...H5..Z...L.......VE.."...VE..?...V......

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qtbase_gd.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	189580
Entropy (8bit):	4.630160941635514
Encrypted:	false
SSDEEP:	1536:SiaI3C87jhakhR0VGkw7ys7CskUH6y4e6IFB4xyMuhvDnJGhFaCo527arBbm07LZ:S2yGjh17yGqxTXhvQoejJd8FUjVgk
MD5:	EB1FB93B0BE51C2AD78FC7BA2F8B9F42
SHA1:	24F7FF809E2F11C579CD388FEA5A4C552FF8D4D0
SHA-256:	63B439DD44139AA3AED54C2EBE03FA9BC77F22C14ED8FBA8EFF2608445BB233D
SHA-512:	E13770AEF33B6666ED7D54E03EE20CA291D4167D673BA6C61D8E64CDD5F7FFE0A9521B95AF67BE719BF263932ECF16E2B2D0B5F3404F9BCD7879114FCC6FC474
Malicious:	false
Preview:	<.d....!..`.......gd_GBB..2....*...u...+......@.......A...B...B.......C.......D.. ....E.. ....F..!&...G..!J...H..!n...I..!....P..#m...Q..#....R..#....S..$....T..$$...U..$H...V..$....W..$....X..$....Y..%....]../....s...'...t...................F...;.......;../....;..=V...;..G....M../G...O.......O...k......$....}../o.......i...=.......m../....t..........[...(5..M...+;..@...+;..x...+O..:...1...\7..D@...f..E@..#...H4...p..HY..be..H.......IC......J.......J....R..J.......LD......L.......PS......QR..#l..R...g...T.......U.......X....\..Zr......[`......\...&...]x......_....C.._...'t..yg..?...1...BM...E..D.......;.......R'.......t.......@.......?...$..c....[......,...i...y.......y...Y.......f.......+...........9..c....E...............z.."....................%..U....D..................G.....UB.....W......\]...5.......0.......0..<....0...;...0.......5.......5..ij..............h... D..0... D..aC..+....K..<U.....<U...~..<.......H5..0...H5..a...L....1..VE..$...VE..X...V...8\|..f...Z...f...=..

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qtbase_he.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	138690
Entropy (8bit):	5.515748942553918
Encrypted:	false
SSDEEP:	3072:XSue8Z7T3iJsqBejt/zNHSLzdetY2ZISfC/S:XSueK3w7Ijt8zUtYAISfC/S
MD5:	DEAF87D45EE87794AB2DC821F250A87A
SHA1:	DB39C6BAA443AA9BB208043EF7FB7E3403C12D90
SHA-256:	E1EBCA16AFE8994356F81CA007FBDB9DDF865842010FE908923D873B687CAD3F
SHA-512:	276FCE81249EFFE19E95607C39F9ACB3A4AFA3F90745DA21B737A03FEA956B079BCA958039978223FD03F75AC270EC16E46095D0C6DDA327366C948EC2D05B9C
Malicious:	false
Preview:	<.d....!..`.......he_ILB../....*......+..Sw...@......A......B.......C.......D...X...E.......F.../...G...O...H...o...I......P.......Q.......R...I...S...i...T......U......V.......W.......X.../...Y...O...]..$....s......t..X:.......4......`Y...;..$....;..%....;.......;...5...;.......M..$....O...6...O..s............}..%-...........=...m...m..%k...t..........^..(5......+;..2...+;..^...+O...N..1.......D@......E@...(..H4..T...HY..L...H..._...IC..\...J...\...J.......J...\j..LD..^...L...^o..PS..fl..QR......R...Q...T...su..U...s...X...x3..Zr..~...[`..L\..\.......]x....._......._....o..yg...(..1...3....E..5C.......z......?V......U.......U.......W....$..M....[..W....,..X....y.......y..\........a..............\@...9..NO...E...?......]s...z...G.......(......^....%..B^...D.._......._.................... ..........5..`/...0.......0...L...0......0..d(...0......5..ek...5..........fB......R... D..&O.. D..K...+...l...<U......<U..p)..<...p...H5..&w..H5..La..L...s...VE......VE......V.....

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qtbase_hu.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	160494
Entropy (8bit):	4.831791320613137
Encrypted:	false
SSDEEP:	3072:BmOMZadV9n51xXeQvjOiIzz7/Vs9Db3ihuJNvMfWxBNlYzYbTrIkfwb03l24cNKu:HkWa5pg0MahBHDd
MD5:	E9D302A698B9272BDA41D6DE1D8313FB
SHA1:	BBF35C04177CF290B43F7D2533BE44A15D929D02
SHA-256:	C61B67BB9D1E84F0AB0792B6518FE055414A68E44D0C7BC7C862773800FA8299
SHA-512:	12947B306874CF93ABA64BB46FAC48179C2D055E770D41AF32E50FFFB9F0C092F583AFCEA8B53FE9E238EF9370E9FFFBEB581270DFA1A7CB74EBE54D9BFF459F
Malicious:	false
Preview:	<.d....!..`.......hu_HUB../...........+.......@.......A...0...B...{...C.......D.......E.......F.......G...<...H...`...I.......P...s...Q.......R.......S.......T......U...N...V.......W.......X.......Y.......]..+y...s.......t.......................;..+Q...;..,U...;.......;.......;..&....M..+....O.......O...U..........}..+............=.......m..+....t..........9c..(5..,...+;..;...+;..m7..+O......1...9...D@...T..E@......H4...v..HY..Y...H.......IC......J.......J.......J.......LD......L.......PS...}..QR..!...R...]...T.......U....{..X.......Zr...=..[`......\......]x...-.._......._......yg...M..1...<....E..>...............J........T.......(.......S...$..Z....[.......,...u...y.......y...[...............#...........9..Z....E..#&...........z..!'...................%..Mv...D..._....................32.....5......9....5.......0...h...0...E...0.......0.......0..#....5...Z...5...........G......_2.. D..,... D..W...+....W..<U......<U...B..<.......H5..,...H5..X{..L....)..VE.."...VE..6l..V.....

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qtbase_it.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	161172
Entropy (8bit):	4.680034416311688
Encrypted:	false
SSDEEP:	1536:eSfxfdO4BKJb0td5pqCOIUP/PFIM7gxGQ9sRrFM6QJ4m8ihkM:eSfxFO4BKJb0td5pnOrvCqg9mRK4IkM
MD5:	88D040696DE3D068F91E0BF000A9EC3E
SHA1:	F978B265E50D14FDDE9693EC96E99B636997B74D
SHA-256:	7C7DC8B45BF4E41FEC60021AB13D9C7655BE007B8123DB8D7537A119EB64A366
SHA-512:	F042637B61C49C91043D73B113545C383BD8D9766FD4ACC21675B4FF727652D50863E72EA811553CB26DF689F692530184A6CE8FE71F9250B5A55662AFE7D923
Malicious:	false
Preview:	<.d....!..`.......it_ITB../....*.......+.......@.......A..."...B...m...C.......D.......E.......F.......G...0...H...T...I...x...P...q...Q.......R.......S.......T...(...U...L...V.......W.......X.......Y.......]..+....s...'...t...................^...;..+[...;..,g...;.......;.......;..!B...M..+....O...D...O...........(...}..+........I...=.......m..,....t..........4...(5..'...+;..<...+;..oV..+O......1...5...D@...F..E@......H4...J..HY..Z...H.......IC...L..J....s..J....j..J.......LD......L....f..PS......QR..!...R..._...T.......U....3..X.......Zr......[`...Q..\.......]x......_......._....0..yg...C..1...=....E..?o..............Kf.......h.......8.......I...$..[....[.......,...m...y...9...y...........z.......z...........9..\=...E..$u.......:...z.. k...................%..N....D..................M............0......5/...5...2...0.......0...0...0...A...0...)...0..$....5.......5...J.......a......a... D..,... D..Y...+.......<U......<U......<....v..H5..-...H5..Z...L.......VE.."c..VE..1...V....X.

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qtbase_ja.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	129911
Entropy (8bit):	5.802855391832282
Encrypted:	false
SSDEEP:	1536:W8YYSCjKBJ26c1Z7f25pVmuLXpxfqt7FEUWNrfQje9kWI23pKXvx:xYuKBJ01Z7u5pQuLbESUWNzAAI23pKfx
MD5:	608B80932119D86503CDDCB1CA7F98BA
SHA1:	7F440399ABA23120F40F6F4FCAE966D621A1CC67
SHA-256:	CBA382ACC44D3680D400F2C625DE93D0C4BD72A90102769EDFD1FE91CB9B617B
SHA-512:	424618011A7C06748AADFC2295109D2D916289C81B01C669DA4991499B207B781604A03259C546739A3A6CF2F8F6DFA753B23406B2E2812F5407AEE343B5CBDD
Malicious:	false
Preview:	<.d....!..`.......jaB../....*...'...+..=....@.......A.......B...?...C...c...D......E......F.......G.......H..."...I...F...P.......Q...'...R...r...S......T......U.......V...8...W...\...X......Y......].."k...s...Q...t..A...............I....;.."C...;..#A...;.......;.......;.......M.."....O...B...O..[?......h....}.."........m...=.......m.."....t...........M..(5......+;......+;..WU..+O......1.......D@......E@...K..H4..>=..HY..F...H...Hr..IC..E...J...F...J.......J...E...LD..Gz..L...G...PS..O...QR......R...K!..T...Z...U...[e..X..._f..Zr..e...[`..7...\...i...]x...'.._......._...j...yg..~+..1.../....E..1?.......#......:.......?.......?n......A....$..G....[..Ap...,..B....y.......y..Ew......\|...............E....9..H....E..........F....z...]..............HL...%..=R...D..H.......I!......[......J......M..........5..It...0...3...0.......0...C...0..M....0...a...5..N....5..........N.......L6.. D..#... D..E...+...U%..<U......<U..X ..<...X...H5..#...H5..FK..L...[...VE......VE......V......f.

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qtbase_ko.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	156799
Entropy (8bit):	5.859529082176036
Encrypted:	false
SSDEEP:	1536:rvTy18hhPekHs1iNXVExWbStnn8TExgkYOvYejZOvXx4Mmf0MwUL8smk/pDZyy:y18hJ61nMStnn8TOgknQRLWZmkxNyy
MD5:	082E361CBAC2E3A0849F87B76EF6E121
SHA1:	F10E882762DCD2E60041BDD6CC57598FC3DF4343
SHA-256:	0179ED1B136E1CB3F583351EAA2C545BA3D83A6EE3F82C32505926A1A5F5F183
SHA-512:	F378A42116924E30FA0B8FFF1D3C3CB185DC35B2746DCE2818BE7C2AA95C5DE103DF44AAC74DA969C36C557F1D4DE42AC7647EC41066247F8AD2697BDED667EA
Malicious:	false
Preview:	<.d....!..`.......koB..7...........+.......@...K...A...o...B......C.......D...8...E.......F...U...G...y...H......I.......P......Q.......R.......S...C...T...g...U.......V.......W.......X...-...Y...Q...]..$....s...>...t...................y...;..${...;..%....;...u...;...l...M..$....O.......O...8...........}..$............=...C...m..%!...t...n..........(5...a..+;..E@..+;..l\|..+O......1.......D@.....E@......H4......HY..\...H....]..IC......J.......J....8..J.......LD...a..L.......PS......QR......R...`...T.......U....^..U.......X....y..Zr......[`..y...\....A..]x......_......._....o..yg......1...FJ...E..HE...7..................Q........a.......5...........$..]....[...;...,.......y.......y...V...............!.......\|...9..]....E...R...........z...4.......f.......5...%..Te...D..................D......^................5...S...0.......0.......0.......0.......5.......5...........n......a... D..%... D..[...+.......<?......<U...;..<U...+..<.......H5..&...H5..\...L.......VE......V....A..f.

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qtbase_lv.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	153608
Entropy (8bit):	4.843805801051326
Encrypted:	false
SSDEEP:	3072:y5pmbKIhooMbGe91MrjOhmGzP6LJbWz5XIxELpU6:yObeqrjPGzeJyJLy6
MD5:	BD8BDC7BBDB7A80C56DCB61B1108961D
SHA1:	9538C4D8BB9A95C0D9DC57C7708A99DD53A32D1F
SHA-256:	846E047573AE40C83671C3BA7F73E27EFC24B98C82701DA0DF9973E574178BB2
SHA-512:	F040EC410EBFEA21145F944E71ADCAE8E5F60907D1D3716A937A9A59A48F70C6B7EAAC91C2C554F59357A7BC820CDBD17C73A4DECC20B51F68EB79EDD35C5554
Malicious:	false
Preview:	<.d....!..`.......lv_LVB..........B...+..y....@.......A...=...B......C......D.......E.......F...#...G...G...H...k...I.......P...~...Q......R.......S.......T...5...U...Y...V......W.......X.......Y.......]..%....s.......t...8.......n.......A...;..&....;.......;...!...;...A...;../....M..%....O.......O...............}..%...........=.......m..&....t...(......(g..(5...+..+;..4...+;..d...+O......1...(...D@...a..E@......H4..z...HY..Q...H.......IC......J....6..J.......J.......LD......L....9..PS......QR......R...U...T....S..U.......X...._..Zr......[`..r...\.......]x....._......._....{..yg......1...5v...E..7........(......B.......\|.......\|W......~r...$..R....[..~....,.......y...l...y...............................9..S....E...g...........z...z...................%..F....D........................"Z.....$......)....5.......0...\...0.......0...r...0.......0.......5...a...5..........J......V... D..&... D..P...+.......<U......<U......<.......H5..'"..H5..P...L....~..VE...R..VE..%...V......

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qtbase_pl.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	162982
Entropy (8bit):	4.841899887077422
Encrypted:	false
SSDEEP:	1536:sXpestp/YIFtDT8FIWYbIJmPYuIpnmxAk6mwyJNqSm9+P:sxpTDT8FIWfJmdCmxApmbnqSm9+P
MD5:	F9475A909A0BAF4B6B7A1937D58293C3
SHA1:	76B97225A11DD1F77CAC6EF144812F91BD8734BD
SHA-256:	CE99032A3B0BF8ABAD758895CC22837088EAD99FD2D2514E2D180693081CFE57
SHA-512:	8A4F1B802B6B81FF25C44251FB4A880E93E9A5FE25E36825A24BFE0EFB34E764E7E1EE585D3A56554964B7921E7813C67F12D200D6E0C5EAF4BB76B064B5C890
Malicious:	false
Preview:	<.d....!..`.......pl_PLB..0......"....+.......@...F...A...j...B......C.......D...3...E.......F...P...G...t...H.......I.......P.......Q.......R.......S...>...T...b...U.......V.......W.......X...(...Y...L...]......s.......t...r.......o.......+...;......;..+....;..."...;... ...M......O...6...O...........a...}..+...........=.......m..+G...t...G......,...(5......+;..:...+;..k...+O......1...-[..D@.....E@......H4...U..HY..WU..H.......IC......J....6..J.......J.......LD......L....%..PS......QR.. ...R...[...T....1..U.......X......Zr......[`......\.......]x...A.._......._....}..yg......1...;W...E..=........%......H....................$..Xp...[.......,.......y...i...y...........}......$R...........9..X....E..+)...........z.. E...................%..K....D...p....................&......(......-....5.......0.......0...e...0.......0..+....5...]...5...........f......]-.. D..,%.. D..V?..+....V..<U......<U......<....-..H5..,M..H5..V...L....Z..VE..!...VE..)...V.......f...P...f....K..f......

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qtbase_ru.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	203767
Entropy (8bit):	5.362551648909705
Encrypted:	false
SSDEEP:	1536:hn4dEJ63pdhPpy6gu5fs4MHQv6sLlxnrncF423ZL9xyuXwdcX8LZuf76CW+WeXFx:aN3pdV5fZbpItXsttRY+WSq
MD5:	5096AD2743BF89A334FBA6A2964300D4
SHA1:	405F45361A537C7923C240D51B0FF1C46621C203
SHA-256:	3DA6605668F9178D11A838C4515478084DCFB4F9CF22F99D7A92B492DB9C224B
SHA-512:	7B88B501792B5831426BAA669138192ED94CC3F8323A3DF9D5287655DC4D877706908C517AB7523AE8A283BF50B47123F13B8AE40EA2F3081C3459EDC47FC8DD
Malicious:	false
Preview:	<.d....!..`.......ru_RUB..7.......L...+...W...@..,....A..,....B..-1...C..-U...D..-....E...r...F.......G.......H../....I../8...P..1'...Q..1K...R..1....S..1....T..1....U..2....V..2\...W..2....X..2....Y..2....].......s..$c...t...'......%........r...;..-....;.......;..J....;..V....M...C...O.......O..&.......8....}...m......+3...=..+....m.......t..+.......p...(5..]@..+;..[0..+;......+O..H...1...qM..D@..-...E@..1o..H4...p..HY..xm..H......IC...@..J....g..J.......J.......LD......L....p..PS......QR..!...R...}...T...&...U...'...U...ki..X...+...Zr..3...[`......\...:...]x..)..._......._...;...yg..S...1...\....E..__...7.........H.......k................j.......U...$..y....[.......,.......y...k...y...............................9..y....E...O...........z..!*...................%..nW...D.................%w.....g......j~.....qw...5...H...0.......0..I....0..._...0......5.......5..................~... D../k.. D..wa..+....?..<?.."t..<U......<U.."...<...#z..H5../...H5..w...L...&...VE.."...V...F$.

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qtbase_sk.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	125763
Entropy (8bit):	4.80343609423322
Encrypted:	false
SSDEEP:	3072:roXDuC1u/2lUBGjJirE5tsd/aev1GIfOdvhw:OucMGjH5tbm
MD5:	3D60E50DCBCBD70EE699BC9B1524FCB9
SHA1:	0211B4911B5B74CC1A46C0FCA87D3BF5632AA44A
SHA-256:	D586AE2C314074CF398417FDECB40709D5478DFEB0A67C2FE60D509EE9B59ED7
SHA-512:	F98211867F1DBCB8A342C00E23FA5718BE6E999F7449CB8470B41BF0F527C7F78CC4D6666E28968F32E96026907156753979BFADA7E6BF4225D02A902D24906D
Malicious:	false
Preview:	<.d....!..`.......sk_SKB..$x...*.......+..>....@......A......B.......C.......D...3...E...Z...F......G......H.......I.......P.......Q...D...R.......S......T.......U.......V...1...W...X...X.......Y......]...Y...t..D-......K....;...3...;.......;.......;......;...V...M.......O.._ ......l....}.......m...........T..(5...(..+;......+;..%...+O......1......E@...k..F.......H4..?I..HY..@7..H...J...I....,..IC..HT..J...H{..J...H...LD..J"..L...Jv..PS..Q...R...D...Zr..i]..[`..7...\...nB.._...o...1...&....E..(........B......19......A.......A....$..AF...[..C....,..D....y..G.......v........g......G....9..A....E..........IH...%..4.......Kf..............................5..K....0...,...0.......0.......0..Of...0.......5..P....5..........E... D...C.. D..?'..+...Y`..<U......<U..\...<...]...H5...m..H5..?...L...^...VE......f.......f...8...g.......l...aP.......................6......d....D..f(...`..f...............?....`..h5...y..H....5..j........E...e.......e..@....... ......>......oZ......l..

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qtbase_tr.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	194487
Entropy (8bit):	4.877239354585035
Encrypted:	false
SSDEEP:	3072:yRRhAFCvqDBitD/iDG9AOH+l4TcwZBPqHo9fd9CFRK+2IKAimxsjucV2p0ZqvRu7:yRRHs5mksWVX3lA3
MD5:	6CBC5D8E1EABEC96C281065ECC51E35E
SHA1:	4E1E6BA3772428227CB033747006B4887E5D9AD1
SHA-256:	6A0BF6E70E7920C2B193E76E92F78F315936955D3B06AC039D917F2E06C43281
SHA-512:	CE1F9EE180176153D5F523D71E0DB06F4DEA65C24E5E2CD56341CFAEE349A8E9A0F606D99F7219A35DD4516D1528C90AEA4BB87548A55392B8F2B36164D478B1
Malicious:	false
Preview:	<.d....!..`.......tr_TRB..7....*.......+...-...@.......A.......B.......C...%...D.......E...F...F.......G.......H.......I.......P.. ....Q.. ....R..!D...S..!h...T..!....U..!....V.."....W.."0...X.."T...Y.."x...]..,g...s.../...t......................;..,9...;..-I...;..9@...;..E....M..,....O.......O...G...........}..,............=...\...m..,....t.........._3..(5..LJ..+;..Wt..+;...\..+O..7...1..._...D@......E@..!...H4...@..HY..t...H....2..IC...r..J......J....D..J....K..LD...$..L....x..PS......QR..!...R...x...T.......U....q..U...Y...X...."..Zr...%..[`......\....:..]x......_......._.......yg..6...1...X....E..[....7...Z......7Q......f............................$..u....[...:...,...5...y.......y...........7...............!...9..u....E...........P...z.. ........p...........%..j....D..................A.....U......Y......_....5...V...0.......0..8....0...U...0.......5.......5..~b..............z+.. D..-... D..s...+.......<?...8..<U...s..<U...p..<.......H5..-...H5..s...L.......VE.."0..V...4..

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qtbase_uk.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	158274
Entropy (8bit):	5.402056706327934
Encrypted:	false
SSDEEP:	1536:jXwjFVUDdMUD4TzdAhpQgO5poZHvJllEnhmdK4I77/dnPJX/imfb1jhvv3BxT8ue:jBzD4Tzaw5pCvJ8hVPdlvj3p8
MD5:	D6234E4E21021102B021744D5FA22346
SHA1:	63A14327D0CF0941D6D6B58BFA7E8B10337F557B
SHA-256:	51B8FF55B37DC5907D637A8DDDA12FBE816852B0244C74EB4F0FB84867A786E0
SHA-512:	37D24A092C5F29BACB7A4CA8207C4EEFD0F073B7E74A492402867F758084091BF1D79D2BA2B4A28B35FEF42E8023C371FDE97578F74BB2033551154E77102DE6
Malicious:	false
Preview:	<.d....!..`.......uk_UAB../.......E...+...l...@.......A.......B...G...C...k...D.......E.......F.......G.......H......I...N...P...=...Q...a...R.......S.......T.......U.......V...r...W.......X.......Y.......]..y...s.......t...........;.......n...;..Q...;..+U...;.......;...x...;..!(...M......O.......O...........6...}..........E...=.......m..*....t..........3...(5..&...+;..:...+;..k0..+O...A..1...4-..D@... ..E@......H4...8..HY..W...H....2..IC...V..J....}..J.......J....%..LD...&..L....z..PS......QR.. ...R...\...T....(..U.......X.......Zr......[`..~...\.......]x......_......._....4..yg...c..1...;....E..=w.......m......I............................$..X....[...<...,.......y.......y...........M...................9..Y....E...F.......D...z.. ........P...........%..LB...D.......................-n...../......4W...5...F...0...p...0...W...0.......0...k...0.......5.......5..................^... D..+... D..V...+.......<U.../..<U......<....>..H5..+...H5..V...L....S..VE..!...VE..0...V......

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\translations\qtbase_zh_TW.qm

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Qt Translation file
Category:	dropped
Size (bytes):	127849
Entropy (8bit):	5.83455389078597
Encrypted:	false
SSDEEP:	3072:Fv2cHP10gOs6dcFxsJopMqOWv2WIrPFP8pa:Fh6s6iFxEodjef8pa
MD5:	9C6A3721D01ECAF3F952CE96F46CE046
SHA1:	4A944E9E31DF778F7012D8E4A66497583BFD2118
SHA-256:	085D29EAF9BBB788B2F2503D74A1EF963A9411CEB600441254CE49A120E1AB63
SHA-512:	6E2807B8785F42A26C9CCBDBA0327DD40B529B10C468593F0E74113774D1CCDAA4FD9ACE9B259B9040E1475911428ECAEA49425B0F170862CF8147D23DB48E46
Malicious:	false
Preview:	<.d....!..`.......zh_TWB..2x..........+..)....@.......A.......B...j...C......D.......E......F.......G...)...H...M...I...q...P...%...Q...I...R......S......T.......U.......V...Z...W...~...X......Y.......]..!....s.......t..-...............4....;..!z...;.."\|...;.......;.......M..!....O.......O..Ay......N)...}..!............=.......m.." ...t...(.........(5......+;..;...+;.._...+O......1.......D@...C..E@...m..H4..W..HY..Pm..H...3...IC..1...J...1...J.......J...1...LD..2...L...38..PS..6...QR...T..R...T...T...A...U...A...X...E...Zr..K...[`..$...\...OW..]x......_......._...P...yg..a^..1...<....E..>....7...>.......;......Fo......+.......+.......-L...$..QR...[..-....,...F...y.......y..1J...............6......1p...9..Q....E..........2....z...........<......3....%..H....D..4W......4}....................Z...... ...5..4....0...?...0...K...0..5....0...L...5..6....5..........6.......U... D.."... D..O...+...<%..<U......<U..>...<...?:..H5..#...H5..O...L...AS..VE...M..VE......V.......f...L..

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\QtCore.pyd

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2483712
Entropy (8bit):	6.241719144701645
Encrypted:	false
SSDEEP:	49152:ZYS8YHrNj4/7RsRLvYpiW3pCBU+Z7bJWvCSBYgbxGJ5M2GM/fXR1fUdihfSbCo6e:9bpj4/7RsRLvYpiW3pCBU+Z7bJWvCSBv
MD5:	678FA1496FFDEA3A530FA146DEDCDBCC
SHA1:	C80D8F1DE8AE06ECF5750C83D879D2DCC2D6A4F8
SHA-256:	D6E45FD8C3B3F93F52C4D1B6F9E3EE220454A73F80F65F3D70504BD55415EA37
SHA-512:	8D9E3FA49FB42F844D8DF241786EA9C0F55E546D373FF07E8C89AAC4F3027C62EC1BD0C9C639AFEABC034CC39E424B21DA55A1609C9F95397A66D5F0D834E88E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........}.........../....td./..../...td./...td./...td./...n../...1../......P...c./....c./....c./...Rich...........................PE..d....p.f.........." ...(............+.......................................0&...........`.............................................L.....................#.$.............%.... t.......................t..(....r..@............@..(o...........................text...~(......................... ..`.rdata..x....@......................@..@.data...h...........................@....pdata..$.....#......n#.............@..@.reloc.......%......L%.............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\QtGui.pyd

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2494976
Entropy (8bit):	6.232020603277999
Encrypted:	false
SSDEEP:	24576:SUjOoTFrwI8nc6EmRAQ9RzgpP2bXYUKuXeLQp5PjYq0zb:SUqCgnZXRAQ9RzggbozJLQp5Mq
MD5:	AE182C36F5839BADDC9DCB71192CFA7A
SHA1:	C9FA448981BA61343C7D7DECACAE300CAD416957
SHA-256:	A9408E3B15FF3030F0E9ACB3429000D253D3BB7206F750091A7130325F6D0D72
SHA-512:	8950244D828C5EDE5C3934CFE2EE229BE19CC00FBF0C4A7CCEBEC19E8641345EF5FD028511C5428E1E21CE5491A3F74FB0175B03DA17588DAEF918E3F66B206A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......... j..sj..sj..sc..sn..s.p.rh..s1..rh..s.p.ri..s.p.rb..s.p.r...s...rh..s..ro..sj..s...syw.ra..syw.rk..syw.rk..sRichj..s........PE..d....p.f.........." ...(.....................................................P&...........`.........................................`&..L....&................$...............%.....................................p...@...............@{...........................text...O........................... ..`.rdata..............................@..@.data...xz.......^...t..............@....pdata........$.......#.............@..@.reloc........%......^%.............@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\QtWidgets.pyd

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	5144576
Entropy (8bit):	6.262739223310643
Encrypted:	false
SSDEEP:	49152:Qi+reIG7QwktsFPKoe2yicbbqgkcY9abW7KnTYK2bjMkTDGM7y:uqT7Q1kyTvoWW7EYvM9M
MD5:	E8C3BFBC19378E541F5F569E2023B7AA
SHA1:	ACA007030C1CEE45CBC692ADCB8BCB29665792BA
SHA-256:	A1E97A2AB434C6AE5E56491C60172E59CDCCE42960734E8BDF5D851B79361071
SHA-512:	9134C2EAD00C2D19DEC499E60F91E978858766744965EAD655D2349FF92834AB267AC8026038E576A7E207D3BBD4A87CD5F2E2846A703C7F481A406130530EB0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................=....1M............1M.....1M.....1M.....+......t.............J......J......J.....Rich...........................PE..d....p.f.........." ...(..,...!.....P.,.......................................N...........`..........................................><.T...D?<...............H..z...........pM..O..Pa8..............................`8.@.............,..............................text.....,.......,................. ..`.rdata........,.......,.............@..@.data... :....A.......A.............@....pdata...z....H..\|....H.............@..@.reloc...O...pM..P...0M.............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\sip.cp313-win_amd64.pyd

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	120320
Entropy (8bit):	6.034057886020456
Encrypted:	false
SSDEEP:	1536:pPd5NTdYgpmMrZhekwFH4PqgZNBQmT6V6WRFYE9Icx7pz4H5B:NhTdtmMdEkwuFTSvYE9Iczz4H5
MD5:	4F7F9E3A9466F4C0103FB04E1987E098
SHA1:	D4A339702E936AA5ECC1FE906AE2BA3BB0E481D7
SHA-256:	EBF27146466D61411493D2E243EAC691740F9C4B7A4B9AB0D408BE45B5E0AA35
SHA-512:	920BA8D58DCA7946341C1CC01FEA0B76CCE008F1D10061F84455A3DE9BA00FD9534F40C983486211BE92B85F786CD610C386529711A6F573A02BFAF8CA543A19
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........kSR...R...R...[...Z....X..P.......P....X..Q....X..Z....X.._....^..Q...R.......G_..[...G_..S...G_..S...G_..S...RichR...........PE..d.... g.........." ...(.H...........J.......................................0............`.............................................X...h................................ ..........................................@............`...............................text...(G.......H.................. ..`.rdata..lU...`...V...L..............@..@.data.... ..........................@....pdata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\VCRUNTIME140.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	120400
Entropy (8bit):	6.6017475353076716
Encrypted:	false
SSDEEP:	1536:N9TXF5LLXQLlNycKW+D4SdqJk6aN1ACuyxLiyazYaCVoecbdhgOwAd+zfZ1zu:N9jelDoD9uyxLizzFzecbdPwA87S
MD5:	862F820C3251E4CA6FC0AC00E4092239
SHA1:	EF96D84B253041B090C243594F90938E9A487A9A
SHA-256:	36585912E5EAF83BA9FEA0631534F690CCDC2D7BA91537166FE53E56C221E153
SHA-512:	2F8A0F11BCCC3A8CB99637DEEDA0158240DF0885A230F38BB7F21257C659F05646C6B61E993F87E0877F6BA06B347DDD1FC45D5C44BC4E309EF75ED882B82E4E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......\=..\...\...\..S$...\...$...\...\..5\...\...\.....\.....\.....\.....\......\.....\..Rich.\..........PE..d.....x.........." ...).$...d............................................................`A........................................0u..4...d}..........................PP...........^..p............................\..@............@...............................text............................... ..`fothk........0...................... ..`.rdata...C...@...D...(..............@..@.data................l..............@....pdata...............p..............@..@_RDATA...............\|..............@..@.rsrc................~..............@..@.reloc..............................@..B................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\VCRUNTIME140_1.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	49744
Entropy (8bit):	6.701724666218339
Encrypted:	false
SSDEEP:	768:ApzzO6ujT3MbR3v0Cz6SR8q83yaFdWr9zRcmgEl6U9zSC:9q/oGw3fFdwzRcmZFzSC
MD5:	68156F41AE9A04D89BB6625A5CD222D4
SHA1:	3BE29D5C53808186EBA3A024BE377EE6F267C983
SHA-256:	82A2F9AE1E6146AE3CB0F4BC5A62B7227E0384209D9B1AEF86BBCC105912F7CD
SHA-512:	F7BF8AD7CD8B450050310952C56F6A20B378A972C822CCC253EF3D7381B56FFB3CA6CE3323BEA9872674ED1C02017F78AB31E9EB9927FC6B3CBA957C247E5D57
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......?.{...{...{...0...y.......y...r.H.p...{...H.......\|.......`.......~.......z.....$.z.......z...Rich{...........PE..d...l0.?.........." ...).<...8.......@...............................................b....`A........................................pm.......m..x....................r..PP......D....c..p...........................`b..@............P..`............................text....;.......<.................. ..`.rdata.."#...P...$...@..............@..@.data................d..............@....pdata...............f..............@..@.rsrc................l..............@..@.reloc..D............p..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\_bz2.pyd

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	84240
Entropy (8bit):	6.607563436050078
Encrypted:	false
SSDEEP:	1536:Kdrz7l1EVLsSuvX3dUK4MLgqK7YEog8y5sV8lIJLVy7SyFB:urzcuvXvrEo7y6V8lIJLVyB
MD5:	CB8C06C8FA9E61E4AC5F22EEBF7F1D00
SHA1:	D8E0DFC8127749947B09F17C8848166BAC659F0D
SHA-256:	FC3B481684B926350057E263622A2A5335B149A0498A8D65C4F37E39DD90B640
SHA-512:	E6DA642B7200BFB78F939F7D8148581259BAA9A5EDDA282C621D14BA88083A9B9BD3D17B701E9CDE77AD1133C39BD93FC9D955BB620546BB4FCF45C68F1EC7D6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......e...!m..!m..!m..(.o.+m..1...#m..1..."m..1...%m..1...)m..1...,m..i..."m..j...#m..!m..\|m..i...)m..i... m..i... m..i... m..Rich!m..........PE..d.....g.........." ...).....\......0........................................P......7[....`.............................................H...(........0....... .. ......../...@..........T...........................`...@...............x............................text............................... ..`.rdata...=.......>..................@..@.data...............................@....pdata.. .... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\_ctypes.pyd

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	131344
Entropy (8bit):	6.311142284249784
Encrypted:	false
SSDEEP:	3072:3RF024DWkT/DKGkXY402iXnVJf/FO50XnekZ39gPhvEQZIJyPArm:j0nHT/DKFXZorf/FO50uW3SEQt
MD5:	A55E57D7594303C89B5F7A1D1D6F2B67
SHA1:	904A9304A07716497CF3E4EAAFD82715874C94F1
SHA-256:	F63C6C7E71C342084D8F1A108786CA6975A52CEFEF8BE32CC2589E6E2FE060C8
SHA-512:	FFA61AD2A408A831B5D86B201814256C172E764C9C1DBE0BD81A2E204E9E8117C66F5DFA56BB7D74275D23154C0ED8E10D4AE8A0D0564434E9761D754F1997FC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........h~..............q...............................................q.......q......!u.............................................Rich....................PE..d.....g.........." ...).............h....................................... .......Z....`.........................................P.................................../...........=..T............................;..@............0...............................text............................... ..`.rdata...y...0...z..................@..@.data....$....... ..................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\_decimal.pyd

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	277776
Entropy (8bit):	6.5855511991551
Encrypted:	false
SSDEEP:	6144:x9iD78EIq4x4OA5bZZ0KDgQcI79qWM53pLW1AFR8E4wXw76TPlpV77777VMvyk:xwDGqr5b8EgQ5+w6k
MD5:	F3377F3DE29579140E2BBAEEFD334D4F
SHA1:	B3076C564DBDFD4CA1B7CC76F36448B0088E2341
SHA-256:	B715D1C18E9A9C1531F21C02003B4C6726742D1A2441A1893BC3D79D7BB50E91
SHA-512:	34D9591590BBA20613691A5287EF329E5927A58127CE399088B4D68A178E3AF67159A8FC55B4FCDCB08AE094753B20DEC2AC3F0B3011481E4ED6F37445CECDD5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j2U..\...\...\..s....\..]...\.._...\..X...\..Y...\...]...\..s]...\...].z.\..._...\...Q...\...\...\.......\...^...\.Rich..\.........................PE..d......g.........." ...).....Z...............................................P......W.....`.................................................L........0..........t+......./...@..........T...............................@............... ............................text.............................. ..`.rdata..\...........................@..@.data...8'......."..................@....pdata..t+.......,..................@..@.rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\_hashlib.pyd

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	64272
Entropy (8bit):	6.220967684620152
Encrypted:	false
SSDEEP:	768:eNJI0DWiflFwY9X3Th1JnptE462TxNvdbj4dIJvI75YiSyvE62Em:2LDxflFwY9XDhPfVNv+dIJvIF7Syc6c
MD5:	32D76C9ABD65A5D2671AEEDE189BC290
SHA1:	0D4440C9652B92B40BB92C20F3474F14E34F8D62
SHA-256:	838D5C8B7C3212C8429BAF612623ABBBC20A9023EEC41E34E5461B76A285B86C
SHA-512:	49DC391F4E63F4FF7D65D6FD837332745CC114A334FD61A7B6AA6F710B235339964B855422233FAC4510CCB9A6959896EFE880AB24A56261F78B2A0FD5860CD9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........W.A.6...6...6...N%..6.......6.......6.......6.......6.......6...N...6.......6...6..26.......6.......6....I..6.......6..Rich.6..........PE..d......g.........." ...).P...~.......=..............................................!.....`.........................................p...P................................/......X....l..T............................k..@............`...............................text....N.......P.................. ..`.rdata...M...`...N...T..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..X...........................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\_lzma.pyd

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	157968
Entropy (8bit):	6.854644275249963
Encrypted:	false
SSDEEP:	3072:KbbS4R/G4Z8r7NjwJTSUqCRY4By7znfB9mNowgn0lCelIJ012+j:KbR/8oWeBi5YOwflCe8o
MD5:	1BA022D42024A655CF289544AE461FB8
SHA1:	9772A31083223ECF66751FF3851D2E3303A0764C
SHA-256:	D080EABD015A3569813A220FD4EA74DFF34ED2A8519A10473EB37E22B1118A06
SHA-512:	2B888A2D7467E29968C6BB65AF40D4B5E80722FFDDA760AD74C912F3A2F315D402F3C099FDE82F00F41DE6C9FAAEDB23A643337EB8821E594C567506E3464C62
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........7...V.,.V.,.V.,...,.V.,..-.V.,..-.V.,..-.V.,..-.V.,..-.V.,...-.V.,.V.,.V.,..-.V.,..-.V.,..u,.V.,..-.V.,Rich.V.,................PE..d......g.........." ...).`...........1.......................................p.......P....`.............................................L.......x....P.......0.......:.../...`..4....\|..T...........................P{..@............p...............................text...^^.......`.................. ..`.rdata.......p.......d..............@..@.data........ ......................@....pdata.......0......................@..@.rsrc........P......................@..@.reloc..4....`.......8..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\_queue.pyd

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	33552
Entropy (8bit):	6.446391764486538
Encrypted:	false
SSDEEP:	384:7GpPCRjqMu/AoS6rf7sif0NHQibZIJ9UoOHQIYiSy1pCQ5xX1rSJIVE8E9VF0Nyf:fkTM6rg9aeZIJ9Uok5YiSyvTo2Et
MD5:	1C03CAA59B5E4A7FB9B998D8C1DA165A
SHA1:	8A318F80A705C64076E22913C2206D9247D30CD7
SHA-256:	B9CF502DADCB124F693BF69ECD7077971E37174104DBDA563022D74961A67E1E
SHA-512:	783ECDA7A155DFC96A718D5A130FB901BBECBED05537434E779135CBA88233DD990D86ECA2F55A852C9BFB975074F7C44D8A3E4558D7C2060F411CE30B6A915F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........T...........-.........................................................................A...........Rich...................PE..d.....g.........." ...).....:.......................................................r....`.........................................PD..L....D..d....p.......`..l....T.../..........@4..T............................3..@............0...............................text............................... ..`.rdata..2....0....... ..............@..@.data........P.......>..............@....pdata..l....`.......D..............@..@.rsrc........p.......H..............@..@.reloc...............R..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\_socket.pyd

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	83728
Entropy (8bit):	6.331814573029388
Encrypted:	false
SSDEEP:	1536:XuV3gvWHQdMq3ORC/OypTXQlyJ+9+nzEYwsBI6tzOKuZIJywJ7Sy21:XuVQvcQTSypTXQlyJs+nzEYJI6QlZIJY
MD5:	FE896371430BD9551717EF12A3E7E818
SHA1:	E2A7716E9CE840E53E8FC79D50A77F40B353C954
SHA-256:	35246B04C6C7001CA448554246445A845CE116814A29B18B617EA38752E4659B
SHA-512:	67ECD9A07DF0A07EDD010F7E3732F3D829F482D67869D6BCE0C9A61C24C0FDC5FF4F4E4780B9211062A6371945121D8883BA2E9E2CF8EB07B628547312DFE4C9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............ll}.ll}.ll}...}.ll}..m\|.ll}..o\|.ll}..h\|.ll}..i\|.ll}..m\|.ll}.lm}.ll}..m\|.ll}..a\|.ll}..l\|.ll}..}.ll}..n\|.ll}Rich.ll}........PE..d.....g.........." ...).x.......... -.......................................`.......s....`.........................................@...P............@.......0.........../...P..........T...........................@...@............................................text....w.......x.................. ..`.rdata.. y.......z...\|..............@..@.data...............................@....pdata.......0......................@..@.rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\_ssl.pyd

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	181520
Entropy (8bit):	5.972827303352998
Encrypted:	false
SSDEEP:	3072:kO+IWyXHllRhN1qhep7fM6CpqjZI8u7pUULbaLZErWreVEzvT3iFCNc6tYwJc1OW:kpSrhN1E2M6CpUuwg5dEW7
MD5:	1C0E3E447F719FBE2601D0683EA566FC
SHA1:	5321AB73B36675B238AB3F798C278195223CD7B1
SHA-256:	63AE2FEFBFBBBC6EA39CDE0A622579D46FF55134BC8C1380289A2976B61F603E
SHA-512:	E1A430DA2A2F6E0A1AED7A76CC4CD2760B3164ABC20BE304C1DB3541119942508E53EA3023A52B8BADA17A6052A7A51A4453EFAD1A888ACB3B196881226C2E5C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......FM.^.,k..,k..,k..T...,k...j..,k...h..,k...o..,k...n..,k.J.j..,k...j..,k..,j..-k.ITj..,k.J.f..,k.J.k..,k.J....,k.J.i..,k.Rich.,k.................PE..d......g.........." ...)............ /..............................................R\....`.............................................d................................/..............T...........................P...@............................................text...0........................... ..`.rdata..D%.......&..................@..@.data...`...........................@....pdata...............n..............@..@.rsrc................z..............@..@.reloc..............................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\_wmi.pyd

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	38160
Entropy (8bit):	6.338856805460127
Encrypted:	false
SSDEEP:	768:fEkK9VgWOZbs3550QcJpPllIJLiX5YiSyvQ602Euf0:fE93jkbQcJvlIJLiJ7Syq00
MD5:	1C30CC7DF3BD168D883E93C593890B43
SHA1:	31465425F349DAE4EDAC9D0FEABC23CE83400807
SHA-256:	6435C679A3A3FF4F16708EBC43F7CA62456C110AC1EA94F617D8052C90C143C7
SHA-512:	267A1807298797B190888F769D998357B183526DFCB25A6F1413E64C5DCCF87F51424B7E5D6F2349D7A19381909AB23B138748D8D9F5858F7DC0552F5C5846AC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........H2.&a.&a.&a..a.&a..'`.&a..%`.&a.."`.&a..'`.&a..#`.&a..'`.&a.'a..&a.."`.&a../`.&a..&`.&a...a.&a..$`.&aRich.&a................PE..d.....g.........." ...).,...<.......)..............................................'.....`.........................................0V..H...xV.......................f.../......x...tG..T............................C..@............@.......T..@....................text....*.......,.................. ..`.rdata..d ...@..."...0..............@..@.data........p.......R..............@....pdata...............V..............@..@.rsrc................Z..............@..@.reloc..x............d..............@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\base_library.zip

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	1394456
Entropy (8bit):	5.531698507573688
Encrypted:	false
SSDEEP:	12288:IW7WpLV6yNLeGQbVz3YQfiBgDPtLwjFx278e6ZQnHS91lqyL+DXUgnxOr+dx5/GO:B7WpLtHa9BHSHAW+dx5/GP05vddD
MD5:	A9CBD0455B46C7D14194D1F18CA8719E
SHA1:	E1B0C30BCCD9583949C247854F617AC8A14CBAC7
SHA-256:	DF6C19637D239BFEDC8CD13D20E0938C65E8FDF340622FF334DB533F2D30FA19
SHA-512:	B92468E71490A8800E51410DF7068DD8099E78C79A95666ECF274A9E9206359F049490B8F60B96081FAFD872EC717E67020364BCFA972F26F0D77A959637E528
Malicious:	false
Preview:	PK..........!..b.e............_collections_abc.pyc......................................\.....S.r.S.S.K.J.r.J.r. .S.S.K.r.\.".\.\.....5.......r.\.".S.5.......r.S...r.\.".\.5.......r.C./.S.Q.r.S.r.\.".\.".S.5.......5.......r.\.".\.".\.".5.......5.......5.......r.\.".\.".0.R%..................5.......5.......5.......r.\.".\.".0.R)..................5.......5.......5.......r.\.".\.".0.R-..................5.......5.......5.......r.\.".\."./.5.......5.......r.\.".\.".\."./.5.......5.......5.......r.\.".\.".\.".S.5.......5.......5.......r.\.".\.".\.".S.S.-...5.......5.......5.......r.\.".\.".\.".5.......5.......5.......r.\.".\.".S.5.......5.......r \.".\.".S.5.......5.......r!\.".\.".\"".5.......5.......5.......r#\.".0.R%..................5.......5.......r$\.".0.R)..................5.......5.......r%\.".0.R-..................5.......5.......r&\.".\.RN..................5.......r(S...r)\)".5.......r*C)\.".S...".5.......5.......r+S...r,\,".5.......r,\.".\,5.......r-\,R]..................5.......

C:\Users\user\AppData\Local\Temp\_MEI74762\certifi\cacert.pem

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	299427
Entropy (8bit):	6.047872935262006
Encrypted:	false
SSDEEP:	6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
MD5:	50EA156B773E8803F6C1FE712F746CBA
SHA1:	2C68212E96605210EDDF740291862BDF59398AEF
SHA-256:	94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
SHA-512:	01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
Malicious:	false
Preview:	.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG.A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv.b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw.MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i.YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT.aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ.jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp.xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz

C:\Users\user\AppData\Local\Temp\_MEI74762\charset_normalizer\md.cp313-win_amd64.pyd

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	10752
Entropy (8bit):	4.818583535960129
Encrypted:	false
SSDEEP:	96:Mvs10hZd9D74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGDtCFCCQAADo+cX6m:MXv9XFCk2z1/t12iwU5usJFuCyPcqgE
MD5:	56FE4F6C7E88212161F49E823CCC989A
SHA1:	16D5CBC5F289AD90AEAA4FF7CB828627AC6D4ACF
SHA-256:	002697227449B6D69026D149CFB220AC85D83B13056C8AA6B9DAC3FD3B76CAA4
SHA-512:	7C9D09CF9503F73E6F03D30E54DBB50606A86D09B37302DD72238880C000AE2B64C99027106BA340753691D67EC77B3C6E5004504269508F566BDB5E13615F1E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........k............r_...........r................................................3..........Rich....................PE..d....$.g.........." ...).....................................................p............`..........................................'..p...`(..d....P.......@...............`..,...`#.............................. "..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......."..............@....pdata.......@.......$..............@..@.rsrc........P.......&..............@..@.reloc..,....`.......(..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\charset_normalizer\md__mypyc.cp313-win_amd64.pyd

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	124928
Entropy (8bit):	5.953784637413928
Encrypted:	false
SSDEEP:	3072:JDE+0ov6ojgN3qN8h51Zlh+YW5E38vCsmLS:JdefPZE2ICDLS
MD5:	10116447F9276F10664BA85A5614BA3A
SHA1:	EFD761A3E6D14E897D37AFB0C7317C797F7AE1D6
SHA-256:	C393098E7803ABF08EE8F7381AD7B0F8FAFFBF66319C05D72823308E898F8CFC
SHA-512:	C04461E52B7FE92D108CBDEB879B7A8553DD552D79C88DFA3F5D0036EED8D4B8C839C0BF2563BC0C796F8280ED2828CA84747CB781D2F26B44214FCA2091EAE4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........y.....................7...............7.......7.......7.......6..........D....6.......6.......6.......6......Rich............................PE..d....$.g.........." ...).@...........C.......................................0............`.........................................0...d.................................... ......................................P...@............P...............................text....?.......@.................. ..`.rdata..nY...P...Z...D..............@..@.data....=.......0..................@....pdata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\libcrypto-3.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	5232408
Entropy (8bit):	5.940072183736028
Encrypted:	false
SSDEEP:	98304:/V+Qs2NuR5YV0L8PQ1CPwDvt3uFlDC4SC9c:9rs2NuDYV0L841CPwDvt3uFlDC4SCa
MD5:	123AD0908C76CCBA4789C084F7A6B8D0
SHA1:	86DE58289C8200ED8C1FC51D5F00E38E32C1AAD5
SHA-256:	4E5D5D20D6D31E72AB341C81E97B89E514326C4C861B48638243BDF0918CFA43
SHA-512:	80FAE0533BA9A2F5FA7806E86F0DB8B6AAB32620DDE33B70A3596938B529F3822856DE75BDDB1B06721F8556EC139D784BC0BB9C8DA0D391DF2C20A80D33CB04
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........._~.._~.._~..V.S.M~.....]~.....[~.....W~.....S~.._~...~......T~..J....~..J...7}..J...^~..J.?.^~..J...^~..Rich_~..........................PE..d......f.........." ...(..7..<......v........................................0P.......O...`...........................................H.0.....O.@....@O.\|.... L. .....O../...PO.$...`{D.8............................yD.@.............O..............................text.....7.......7................. ..`.rdata........7.......7.............@..@.data...Ao....K..<....K.............@....pdata....... L.......K.............@..@.idata...%....O..&....N.............@..@.00cfg..u....0O.......N.............@..@.rsrc...\|....@O.......N.............@..@.reloc..~....PO.......N.............@..B................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\libffi-8.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	39696
Entropy (8bit):	6.641880464695502
Encrypted:	false
SSDEEP:	768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
MD5:	0F8E4992CA92BAAF54CC0B43AACCCE21
SHA1:	C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
SHA-256:	EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
SHA-512:	6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........iV...8...8...8..p....8.t9...8.p9...8...9...8.t=...8.t<...8.t;...8.1t<...8.1t;...8.1t8...8.1t:...8.Rich..8.........................PE..d...Sh.c.........." ...".H...(.......L...............................................n....`......................................... l.......p..P...............P....l.../......,...@d...............................c..@............`.. ............................text....G.......H.................. ..`.rdata..h....`.......L..............@..@.data................b..............@....pdata..P............d..............@..@.reloc..,............j..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\libssl-3.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	792856
Entropy (8bit):	5.57949182561317
Encrypted:	false
SSDEEP:	12288:7LN1sdyIzHHZp5c3nlUa6lxzAG11rbmFe9Xbv:7LgfzH5I3nlUa2AU2Fe9Xbv
MD5:	4FF168AAA6A1D68E7957175C8513F3A2
SHA1:	782F886709FEBC8C7CEBCEC4D92C66C4D5DBCF57
SHA-256:	2E4D35B681A172D3298CAF7DC670451BE7A8BA27C26446EFC67470742497A950
SHA-512:	C372B759B8C7817F2CBB78ECCC5A42FA80BDD8D549965BD925A97C3EEBDCE0335FBFEC3995430064DEAD0F4DB68EBB0134EB686A0BE195630C49F84B468113E3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l.>..\|m..\|m..\|m.u.m..\|m+.}l..\|m.u}l..\|m+..l..\|m+.xl..\|m+.yl..\|m..}l..\|m..}m..\|m..xl..\|m..\|l..\|m...m..\|m..~l..\|mRich..\|m................PE..d......f.........." ...(.>..........K........................................0......!+....`..........................................x...Q..............s.... ...M......./......d...p...8...............................@............................................text....<.......>.................. ..`.rdata..hz...P...\|...B..............@..@.data...qN.......H..................@....pdata..pV... ...X..................@..@.idata...c.......d...^..............@..@.00cfg..u...........................@..@.rsrc...s...........................@..@.reloc..C...........................@..B........................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\psutil\_psutil_windows.pyd

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	67072
Entropy (8bit):	5.909456553599775
Encrypted:	false
SSDEEP:	1536:j3sHmR02IvVxv7WCyKm7c5Th4JBHTOvyyaZE:jnIvryCyKx5Th4J5OvyyO
MD5:	49AC12A1F10AB93FAFAB064FD0523A63
SHA1:	3AD6923AB0FB5D3DD9D22ED077DB15B42C2FBD4F
SHA-256:	BA033B79E858DBFCBA6BF8FB5AFE10DEFD1CB03957DBBC68E8E62E4DE6DF492D
SHA-512:	1BC0F50E0BB0A9D9DDDAD31390E5C73B0D11C2B0A8C5462065D477E93FF21F7EDC7AA2B2B36E478BE0A797A38F43E3FBEB6AAABEF0BADEC1D8D16EB73DF67255
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......nT..5..5..5..#M2. 5..x@..(5..x@..&5..x@.."5..x@...5...k..(5..aM..;5..5...5...@..:5...@..+5...@^.+5...@..+5..Rich*5..................PE..d...._.g.........." .........h......\........................................@............`.........................................0...`.......@.... .......................0..(.......................................8............................................text...h........................... ..`.rdata..\I.......J..................@..@.data...x...........................@....pdata..............................@..@.rsrc........ ......................@..@.reloc..(....0......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\python3.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	70416
Entropy (8bit):	6.1258200129869405
Encrypted:	false
SSDEEP:	768:pQEotsskOv6pWVCB4p/uKlZPRQcFIc9qunV0Jku/YFI1Hu1wEBbCpVNyD6VdPxiD:/otssyKcunV8PjZIJy0i7SyWH1
MD5:	16855EBEF31C5B1EBE767F1C617645B3
SHA1:	315521F3A748ABFA35CD4D48E8DD09D0556D989B
SHA-256:	A5C6A329698490A035133433928D04368CE6285BB91A9D074FC285DE4C9A32A4
SHA-512:	C3957B3BD36B10C7AD6EA1FF3BC7BD65CDCEB3E6B4195A25D0649AA0DA179276CE170DA903D77B50A38FC3D5147A45BE32DBCFDBFBF76CC46301199C529ADEA4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%?..a^e.a^e.a^e.).m.`^e.).e.`^e.)..`^e.).g.`^e.Richa^e.........PE..d......g.........." ...)............................................................z.....`.........................................`..................................../..............T............................................................................rdata..............................@..@.rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\python313.dll

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6083856
Entropy (8bit):	6.126922729922386
Encrypted:	false
SSDEEP:	49152:fXGc3O7T4DKX+vLFMmKYxiAYNBD987KdJlI9HbeX2jrgQcw6Zc4h67mM+XDQ3bLi:Of42zJiwJl/YF7v3vaHDMiEN3Kr
MD5:	B9DE917B925DD246B709BB4233777EFD
SHA1:	775F258D8B530C6EA9F0DD3D1D0B61C1948C25D2
SHA-256:	0C0A66505093B6A4BB3475F716BD3D9552095776F6A124709C13B3F9552C7D99
SHA-512:	F4BF3398F50FDD3AB7E3F02C1F940B4C8B5650ED7AF16C626CCD1B934053BA73A35F96DA03B349C1EB614BB23E0BC6B5CC58B07B7553A5C93C6D23124F324A33
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........s]{v ]{v ]{v M.w!_{v M.. S{v M.u!Y{v M.r!U{v M.s!P{v T.. G{v ..w!V{v ]{w .zv ..{!.{v ..v!\{v ... \{v ..t!\{v Rich]{v ........................PE..d......g.........." ...).:+..T9......J........................................d.....uF]...`...........................................O.....h.P.......d......0].......\../....d..... A3.T.....................I.(....?3.@............P+..............................text....8+......:+................. ..`.rdata....%..P+...%..>+.............@..@.data...$9....P..N....P.............@....pdata.......0]...... U.............@..@PyRuntim.N...._..P....W.............@....rsrc.........d.......[.............@..@.reloc........d.......[.............@..B........................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\select.pyd

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	30992
Entropy (8bit):	6.554484610649281
Encrypted:	false
SSDEEP:	384:7hhxm9tKLhuoNHfzzlvFy0ZZIJ9GckHQIYiSy1pCQ4HWSJIVE8E9VF0Ny6sC:tCytHf98uZIJ9Gx5YiSyvy2ES
MD5:	20831703486869B470006941B4D996F2
SHA1:	28851DFD43706542CD3EF1B88B5E2749562DFEE0
SHA-256:	78E5994C29D8851F28B5B12D59D742D876683AEA58ECEEA1FB895B2036CDCDEB
SHA-512:	4AAF5D66D2B73F939B9A91E7EDDFEB2CE2476C625586EF227B312230414C064AA850B02A4028363AA4664408C9510594754530A6D026A0A84BE0168D677C1BC4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........tV..'V..'V..'_.j'T..'F:.&T..'F:.&R..'F:.&^..'F:.&Z..'.;.&T..'V..'...'...&S..'.;.&W..'.;.&W..'.;.'W..'.;.&W..'RichV..'................PE..d.....g.........." ...).....2............................................................`..........................................@..L...<A..x....p.......`.......J.../......L....3..T............................2..@............0...............................text............................... ..`.rdata.......0......................@..@.data...p....P.......8..............@....pdata.......`.......:..............@..@.rsrc........p.......>..............@..@.reloc..L............H..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI74762\unicodedata.pyd

Download File

Process:	C:\Users\user\Desktop\wp-cent.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	709904
Entropy (8bit):	5.861739047785334
Encrypted:	false
SSDEEP:	12288:FYGdLI/X77mvfldCKGihH32W3cnPSqrUgLIe:FYGW7qNxr3cnPXLIe
MD5:	0902D299A2A487A7B0C2D75862B13640
SHA1:	04BCBD5A11861A03A0D323A8050A677C3A88BE13
SHA-256:	2693C7EE4FBA55DC548F641C0CB94485D0E18596FFEF16541BD43A5104C28B20
SHA-512:	8CBEF5A9F2D24DA1014F8F1CCBDDD997A084A0B04DD56BCB6AC38DDB636D05EF7E4EA7F67A085363AAD3F43D45413914E55BDEF14A662E80BE955E6DFC2FECA3
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........Q.............(.....(.....(.....(.....)................).....).....)x....)....Rich..................PE..d.....g.........." ...).B...f......P,..............................................<.....`.........................................P...X................................/..........p...T...........................0...@............`..h............................text....@.......B.................. ..`.rdata...?...`...@...F..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.465543149941476
Encrypted:	false
SSDEEP:	6144:YIXfpi67eLPU9skLmb0b4vWSPKaJG8nAgejZMMhA2gX4WABl0uNOdwBCswSbt:NXD94vWlLZMM6YFHQ+t
MD5:	5F37FAFCC2EF5D97661C38C42D5846A0
SHA1:	135601E967FFBA57F54B9A39C583859D1FF305D4
SHA-256:	DC7E428F8FF9FF4F88960514960E8FF5CA520493B58651259B3566E208635AE4
SHA-512:	89280DAD34B11DCE875179A09FDDFEFAF98067EFBABCF7C0936B4B3344C626BE6DD2AD8AA62CC5627AB71F22C14502FD743C4D07F038343847DAE470806149E2
Malicious:	false
Preview:	regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.".BR..............................................................................................................................................................................................................................................................................................................................................r..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	7.9956855872756
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	wp-cent.exe
File size:	38'727'845 bytes
MD5:	03139cb6d13eee06845c9339720df3cd
SHA1:	91cfd38e408fa863b771e92b92cb52dfdba44bf3
SHA256:	f4d0a2e5a67453f66b8f4193e486d7c5dc05786fce0f029e8895b4a027e318a7
SHA512:	7fcc450f561b169cb93c19f6f258ceae8805b3f9d68108a756288529f93db9505264f37f2cb2751ed68dc11a2896e5cb0f0c59ac6ac39159fcc791e448e6adb6
SSDEEP:	786432:t+gX4BMdhwzTQXR5FbPp6FcSS5U/LT2KzVyPVLBdebXMb8VH/zEa:nXGMK4XR3bLSCU/+6yPl3ebcBa
TLSH:	2C873300E5D405DEE9B22974E5E1528BD55BF4EE8B72C7E781F002438573EC09A2EA7B
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n=..\.Z\.Z\.Za$.[-\.Za$.[.\.Za$.[ \.Z:..Z)\.Z:..[#\.Z:..[;\.Z:..[.\.Za$.[!\.Z\.Z.\.Zb..[3\.Zb..[+\.ZRich*\.Z........PE..d..

File Icon


Icon Hash:	2f2f538f8ebbafbf

Static PE Info

General

Entrypoint:	0x14000cdb0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:	0x676279E1 [Wed Dec 18 07:29:37 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	72c4e339b7af8ab1ed2eb3821c98713a

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007F9A2C6154BCh
dec eax
add esp, 28h
jmp 00007F9A2C6150DFh
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
dec eax
sub esp, 28h
call 00007F9A2C615888h
test eax, eax
je 00007F9A2C615283h
dec eax
mov eax, dword ptr [00000030h]
dec eax
mov ecx, dword ptr [eax+08h]
jmp 00007F9A2C615267h
dec eax
cmp ecx, eax
je 00007F9A2C615276h
xor eax, eax
dec eax
cmpxchg dword ptr [0003577Ch], ecx
jne 00007F9A2C615250h
xor al, al
dec eax
add esp, 28h
ret
mov al, 01h
jmp 00007F9A2C615259h
int3
int3
int3
dec eax
sub esp, 28h
test ecx, ecx
jne 00007F9A2C615269h
mov byte ptr [00035765h], 00000001h
call 00007F9A2C6149B5h
call 00007F9A2C615CA0h
test al, al
jne 00007F9A2C615266h
xor al, al
jmp 00007F9A2C615276h
call 00007F9A2C6227BFh
test al, al
jne 00007F9A2C61526Bh
xor ecx, ecx
call 00007F9A2C615CB0h
jmp 00007F9A2C61524Ch
mov al, 01h
dec eax
add esp, 28h
ret
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
cmp byte ptr [0003572Ch], 00000000h
mov ebx, ecx
jne 00007F9A2C6152C9h
cmp ecx, 01h
jnbe 00007F9A2C6152CCh
call 00007F9A2C6157FEh
test eax, eax
je 00007F9A2C61528Ah
test ebx, ebx
jne 00007F9A2C615286h
dec eax
lea ecx, dword ptr [00035716h]
call 00007F9A2C6225B2h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x3ca5c	0x78	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x47000	0x9ab4	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x44000	0x2250	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x51000	0x764	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x3a080	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x39f40	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2b000	0x4a0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x29f00	0x2a000	2a7ae207b6295492e9da088072661752	False	0.5514439174107143	data	6.487454925709845	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x2b000	0x12a50	0x12c00	055f41d48e72b07fc0776247f4b3a016	False	0.5244401041666666	data	5.752637282068884	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x3e000	0x53f8	0xe00	dba0caeecab624a0ccc0d577241601d1	False	0.134765625	data	1.8392217063172436	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x44000	0x2250	0x2400	f5559f14427a02f0a5dbd0dd026cae54	False	0.470703125	data	5.291665041994019	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x47000	0x9ab4	0x9c00	04ae799c62b78ccb3c7694fd19f97861	False	0.09495192307692307	data	4.5354248377179704	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x51000	0x764	0x800	816c68eeb419ee2c08656c31c06a0fff	False	0.5576171875	data	5.2809528666624175	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x470e8	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 36864, resolution 2835 x 2835 px/m	0.0778326676476771
RT_GROUP_ICON	0x50590	0x14	data	1.15
RT_MANIFEST	0x505a4	0x50d	XML 1.0 document, ASCII text	0.4694508894044857

Imports

DLL	Import
USER32.dll	CreateWindowExW, ShutdownBlockReasonCreate, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, TranslateMessage, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll
KERNEL32.dll	GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, LCMapStringW, CompareStringW, FlsFree, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, GetEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FlsSetValue, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, CreateDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue
ADVAPI32.dll	OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll	SelectObject, DeleteObject, CreateFontIndirectW

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 19, 2024 19:20:12.324738026 CET	49731	443	192.168.2.4	104.20.22.46
Dec 19, 2024 19:20:12.324829102 CET	443	49731	104.20.22.46	192.168.2.4
Dec 19, 2024 19:20:12.325834036 CET	49731	443	192.168.2.4	104.20.22.46
Dec 19, 2024 19:20:12.325834036 CET	49731	443	192.168.2.4	104.20.22.46
Dec 19, 2024 19:20:12.325963974 CET	443	49731	104.20.22.46	192.168.2.4
Dec 19, 2024 19:20:13.567456961 CET	443	49731	104.20.22.46	192.168.2.4
Dec 19, 2024 19:20:13.568219900 CET	49731	443	192.168.2.4	104.20.22.46
Dec 19, 2024 19:20:13.568320036 CET	443	49731	104.20.22.46	192.168.2.4
Dec 19, 2024 19:20:13.570496082 CET	443	49731	104.20.22.46	192.168.2.4
Dec 19, 2024 19:20:13.570600033 CET	49731	443	192.168.2.4	104.20.22.46
Dec 19, 2024 19:20:13.572693110 CET	49731	443	192.168.2.4	104.20.22.46
Dec 19, 2024 19:20:13.572858095 CET	49731	443	192.168.2.4	104.20.22.46

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 19, 2024 19:20:12.182609081 CET	55154	53	192.168.2.4	1.1.1.1
Dec 19, 2024 19:20:12.320302963 CET	53	55154	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 19, 2024 19:20:12.182609081 CET	192.168.2.4	1.1.1.1	0x3efe	Standard query (0)	nodejs.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 19, 2024 19:20:12.320302963 CET	1.1.1.1	192.168.2.4	0x3efe	No error (0)	nodejs.org		104.20.22.46	A (IP address)	IN (0x0001)	false
Dec 19, 2024 19:20:12.320302963 CET	1.1.1.1	192.168.2.4	0x3efe	No error (0)	nodejs.org		104.20.23.46	A (IP address)	IN (0x0001)	false

Target ID:	0
Start time:	13:20:00
Start date:	19/12/2024
Path:	C:\Users\user\Desktop\wp-cent.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\wp-cent.exe"
Imagebase:	0x7ff62b660000
File size:	38'727'845 bytes
MD5 hash:	03139CB6D13EEE06845C9339720DF3CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	13:20:06
Start date:	19/12/2024
Path:	C:\Users\user\Desktop\wp-cent.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\wp-cent.exe"
Imagebase:	0x7ff62b660000
File size:	38'727'845 bytes
MD5 hash:	03139CB6D13EEE06845C9339720DF3CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PythonBackDoor_1, Description: Yara detected Python BackDoor, Source: 00000001.00000003.1722489604.0000019378638000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PythonBackDoor_1, Description: Yara detected Python BackDoor, Source: 00000001.00000003.1723661754.0000019378638000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PythonBackDoor_1, Description: Yara detected Python BackDoor, Source: 00000001.00000002.2101783704.0000019378638000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PythonBackDoor_1, Description: Yara detected Python BackDoor, Source: 00000001.00000003.1721752184.0000019378611000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	13:20:10
Start date:	19/12/2024
Path:	C:\Windows\System32\systeminfo.exe
Wow64 process (32bit):	false
Commandline:	systeminfo
Imagebase:	0x7ff6b5610000
File size:	110'080 bytes
MD5 hash:	EE309A9C61511E907D87B10EF226FDCD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	13:20:10
Start date:	19/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	13:20:10
Start date:	19/12/2024
Path:	C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:	0x7ff693ab0000
File size:	496'640 bytes
MD5 hash:	60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	13:20:10
Start date:	19/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "wmic computersystem get manufacturer"
Imagebase:	0x7ff73fd20000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	13:20:10
Start date:	19/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	13:20:10
Start date:	19/12/2024
Path:	C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):	false
Commandline:	wmic computersystem get manufacturer
Imagebase:	0x7ff62b640000
File size:	576'000 bytes
MD5 hash:	C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	13:20:15
Start date:	19/12/2024
Path:	C:\Windows\System32\WerFault.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\WerFault.exe -u -p 7536 -s 980
Imagebase:	0x7ff666b60000
File size:	570'736 bytes
MD5 hash:	FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	10.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	20.1%
Total number of Nodes:	2000
Total number of Limit Nodes:	28

Executed Functions

Function 00007FF62B6689E0 Relevance: 70.3, APIs: 36, Strings: 4, Instructions: 257
synchronizationwindowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF62B669390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF62B6645F4,00000000,00007FF62B661985), ref: 00007FF62B6693C9

SetConsoleCtrlHandler.KERNEL32(?,?,FFFFFFFF,00007FF62B663F7F), ref: 00007FF62B668A3B
GetStartupInfoW.KERNEL32(?,FFFFFFFF,00007FF62B663F7F), ref: 00007FF62B668A56

Part of subcall function 00007FF62B67A47C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62B67A490

Part of subcall function 00007FF62B67871C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62B678783

GetCommandLineW.KERNEL32(?,FFFFFFFF,00007FF62B663F7F), ref: 00007FF62B668AE6
CreateProcessW.KERNELBASE ref: 00007FF62B668B1E
GetLastError.KERNEL32(?,FFFFFFFF,00007FF62B663F7F), ref: 00007FF62B668B28

Part of subcall function 00007FF62B662C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF62B663706,?,00007FF62B663804), ref: 00007FF62B662C9E
Part of subcall function 00007FF62B662C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF62B663706,?,00007FF62B663804), ref: 00007FF62B662D63
Part of subcall function 00007FF62B662C50: MessageBoxW.USER32 ref: 00007FF62B662D99

RegisterClassW.USER32 ref: 00007FF62B668B80
GetLastError.KERNEL32(?,FFFFFFFF,00007FF62B663F7F), ref: 00007FF62B668B8B
CreateWindowExW.USER32 ref: 00007FF62B668BD5
GetLastError.KERNEL32(?,FFFFFFFF,00007FF62B663F7F), ref: 00007FF62B668BE7
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF62B663F7F), ref: 00007FF62B668C02
GetLastError.KERNEL32(?,FFFFFFFF,00007FF62B663F7F), ref: 00007FF62B668C15
PeekMessageW.USER32 ref: 00007FF62B668C39
TranslateMessage.USER32 ref: 00007FF62B668C47
DispatchMessageW.USER32(?,FFFFFFFF,00007FF62B663F7F), ref: 00007FF62B668C51
PeekMessageW.USER32 ref: 00007FF62B668C6C
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF62B663F7F), ref: 00007FF62B668C7E
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF62B663F7F), ref: 00007FF62B668C99
TerminateProcess.KERNEL32(?,FFFFFFFF,00007FF62B663F7F), ref: 00007FF62B668CAF
GetLastError.KERNEL32(?,FFFFFFFF,00007FF62B663F7F), ref: 00007FF62B668CB9
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF62B663F7F), ref: 00007FF62B668CC7
DestroyWindow.USER32(?,FFFFFFFF,00007FF62B663F7F), ref: 00007FF62B668E04
GetExitCodeProcess.KERNELBASE ref: 00007FF62B668E19
CloseHandle.KERNEL32(?,FFFFFFFF,00007FF62B663F7F), ref: 00007FF62B668E22
CloseHandle.KERNEL32(?,FFFFFFFF,00007FF62B663F7F), ref: 00007FF62B668E2F

Strings

PyInstallerOnefileHiddenWindow, xrefs: 00007FF62B668B54
Failed to create child process!, xrefs: 00007FF62B668B30
PyInstaller Onefile Hidden Window, xrefs: 00007FF62B668B95
CreateProcessW, xrefs: 00007FF62B668B37

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
API String ID: 3832162212-3165540532
Opcode ID: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
Instruction ID: ce0b01958cca91841279e9a7270eac8e5bf1f07e627541cd92de27d9591610a0
Opcode Fuzzy Hash: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
Instruction Fuzzy Hash: AFD15132A08A8386EF108F34EC542AD3764FF89B98F540235DA5D86AB5DF3CE559D701

Function 00007FF62B661000 Relevance: 61.8, APIs: 7, Strings: 28, Instructions: 511
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

pkg, xrefs: 00007FF62B6639BE
pyi-runtime-tmpdir, xrefs: 00007FF62B663B68
_PYI_SPLASH_IPC, xrefs: 00007FF62B663A23, 00007FF62B663EF5
Could not side-load PyInstaller's PKG archive from external file (%s), xrefs: 00007FF62B6639DE
Failed to load Tcl/Tk shared libraries for splash screen!, xrefs: 00007FF62B663EBB
VCRUNTIME140.dll, xrefs: 00007FF62B663DB1
Py_GIL_DISABLED, xrefs: 00007FF62B663AF4
Could not create temporary directory!, xrefs: 00007FF62B663CBF
pyi-python-flag, xrefs: 00007FF62B663AD6
Path exceeds PYI_PATH_MAX limit., xrefs: 00007FF62B663D12
PYINSTALLER_STRICT_UNPACK_MODE, xrefs: 00007FF62B663BE8
_PYI_APPLICATION_HOME_DIR, xrefs: 00007FF62B663A0B, 00007FF62B663CD4, 00007FF62B663F6B
Failed to unpack splash screen dependencies from PKG archive!, xrefs: 00007FF62B663EA6
pyi-disable-windowed-traceback, xrefs: 00007FF62B663BB2
PYINSTALLER_RESET_ENVIRONMENT, xrefs: 00007FF62B663882, 00007FF62B6638AF
_PYI_APPLICATION_HOME_DIR not set for onefile child process!, xrefs: 00007FF62B663D35
_PYI_PARENT_PROCESS_LEVEL, xrefs: 00007FF62B663A17, 00007FF62B663A2F, 00007FF62B663A9B
MEI, xrefs: 00007FF62B663933
Failed to load splash screen resources!, xrefs: 00007FF62B663E85
Failed to remove temporary directory: %s, xrefs: 00007FF62B663FCF
pyi-contents-directory, xrefs: 00007FF62B663B8D
_PYI_ARCHIVE_FILE, xrefs: 00007FF62B6638D2, 00007FF62B6639FF
Failed to convert DLL search path!, xrefs: 00007FF62B663DDC
Could not load PyInstaller's embedded PKG archive from the executable (%s), xrefs: 00007FF62B663971
PYINSTALLER_SUPPRESS_SPLASH_SCREEN, xrefs: 00007FF62B663E0A
Failed to start splash screen!, xrefs: 00007FF62B663ED4
Failed to initialize security descriptor for temporary directory!, xrefs: 00007FF62B663C61
Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s, xrefs: 00007FF62B663B32

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: ErrorFileLastModuleName
String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
API String ID: 2776309574-4232158417
Opcode ID: 2d77af2a2f9236e5f1bda1603447cca491bc739d444c9c91c5f96d0c69afedc5
Instruction ID: 798b9280e121487fdf4d6a2a3133f61ee780bcffae4c96aa23f12e0630260f9a
Opcode Fuzzy Hash: 2d77af2a2f9236e5f1bda1603447cca491bc739d444c9c91c5f96d0c69afedc5
Instruction Fuzzy Hash: 72326D21E0868391FF159B299C543B926A1FF5D780F488036DA6DC72F6EF2CE558E702

Function 00007FF62B685C00 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 334
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_get_daylight.LIBCMT ref: 00007FF62B685C45

Part of subcall function 00007FF62B685598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62B6855AC

Part of subcall function 00007FF62B67A948: RtlFreeHeap.NTDLL(?,?,?,00007FF62B682D22,?,?,?,00007FF62B682D5F,?,?,00000000,00007FF62B683225,?,?,?,00007FF62B683157), ref: 00007FF62B67A95E
Part of subcall function 00007FF62B67A948: GetLastError.KERNEL32(?,?,?,00007FF62B682D22,?,?,?,00007FF62B682D5F,?,?,00000000,00007FF62B683225,?,?,?,00007FF62B683157), ref: 00007FF62B67A968

Part of subcall function 00007FF62B67A900: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF62B67A8DF,?,?,?,?,?,00007FF62B67A7CA), ref: 00007FF62B67A909
Part of subcall function 00007FF62B67A900: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF62B67A8DF,?,?,?,?,?,00007FF62B67A7CA), ref: 00007FF62B67A92E

_get_daylight.LIBCMT ref: 00007FF62B685C34

Part of subcall function 00007FF62B6855F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62B68560C

_get_daylight.LIBCMT ref: 00007FF62B685EAA
_get_daylight.LIBCMT ref: 00007FF62B685EBB
_get_daylight.LIBCMT ref: 00007FF62B685ECC
GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF62B68610C), ref: 00007FF62B685EF3

Strings

Eastern Standard Time, xrefs: 00007FF62B685F99
Eastern Summer Time, xrefs: 00007FF62B685FB1

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 4070488512-239921721
Opcode ID: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
Instruction ID: 8a4f94dbce7249eb9b234996a13b6003275cd1a2345c0a8df1c076c2c60f78a0
Opcode Fuzzy Hash: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
Instruction Fuzzy Hash: E1D1C122A1825286EF209F25DC511B96762FF8E7C4F448036EE4DC76A6DF3CE445EB42

Function 00007FF62B686964 Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF62B686698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62B6866D9
Part of subcall function 00007FF62B686698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62B686757
Part of subcall function 00007FF62B686698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62B6867A8

CreateFileW.KERNELBASE ref: 00007FF62B686A6A
CreateFileW.KERNEL32 ref: 00007FF62B686ABA
GetLastError.KERNEL32 ref: 00007FF62B686AEA
GetFileType.KERNELBASE ref: 00007FF62B686AFF
GetLastError.KERNEL32 ref: 00007FF62B686B09
CloseHandle.KERNEL32 ref: 00007FF62B686B3C
CloseHandle.KERNEL32 ref: 00007FF62B686C9F
CreateFileW.KERNEL32 ref: 00007FF62B686CD4
GetLastError.KERNEL32 ref: 00007FF62B686CE3

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
String ID:
API String ID: 1617910340-0
Opcode ID: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
Instruction ID: ec374b58edf24c032fecb9b3a6aaf44636e7812c7970aa4e83b1d9c4c2e13388
Opcode Fuzzy Hash: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
Instruction Fuzzy Hash: 4DC1CF36B28A4285EF10CFA5D8906AC3761F74EBA8B050235DA1E9B7E4DF38D455E301

Function 00007FF62B6683C0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 89
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileW.KERNELBASE(?,00007FF62B668919,00007FF62B663FA5), ref: 00007FF62B66842B
RemoveDirectoryW.KERNEL32(?,00007FF62B668919,00007FF62B663FA5), ref: 00007FF62B6684AE
DeleteFileW.KERNELBASE(?,00007FF62B668919,00007FF62B663FA5), ref: 00007FF62B6684CD
FindNextFileW.KERNELBASE(?,00007FF62B668919,00007FF62B663FA5), ref: 00007FF62B6684DB
FindClose.KERNEL32(?,00007FF62B668919,00007FF62B663FA5), ref: 00007FF62B6684EC
RemoveDirectoryW.KERNELBASE(?,00007FF62B668919,00007FF62B663FA5), ref: 00007FF62B6684F5

Strings

%s\*, xrefs: 00007FF62B6683F2

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
String ID: %s\*
API String ID: 1057558799-766152087
Opcode ID: 7c12b01ff297979e1ecdf005a6213684df6049b407edb1b83f88227167b7eee2
Instruction ID: ce689659db0eb86865e21bde7e795a9d4931a40b6865725ffa4b48b75606d92e
Opcode Fuzzy Hash: 7c12b01ff297979e1ecdf005a6213684df6049b407edb1b83f88227167b7eee2
Instruction Fuzzy Hash: 8E414322A0C94385EE709B64EC442BA6360FB9D794F440232E69DC76E5EF3CE549DB42

Function 00007FF62B685E7C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_get_daylight.LIBCMT ref: 00007FF62B685EAA

Part of subcall function 00007FF62B6855F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62B68560C

_get_daylight.LIBCMT ref: 00007FF62B685EBB

Part of subcall function 00007FF62B685598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62B6855AC

_get_daylight.LIBCMT ref: 00007FF62B685ECC

Part of subcall function 00007FF62B6855C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62B6855DC

Part of subcall function 00007FF62B67A948: RtlFreeHeap.NTDLL(?,?,?,00007FF62B682D22,?,?,?,00007FF62B682D5F,?,?,00000000,00007FF62B683225,?,?,?,00007FF62B683157), ref: 00007FF62B67A95E
Part of subcall function 00007FF62B67A948: GetLastError.KERNEL32(?,?,?,00007FF62B682D22,?,?,?,00007FF62B682D5F,?,?,00000000,00007FF62B683225,?,?,?,00007FF62B683157), ref: 00007FF62B67A968

GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF62B68610C), ref: 00007FF62B685EF3

Strings

Eastern Standard Time, xrefs: 00007FF62B685F99
Eastern Summer Time, xrefs: 00007FF62B685FB1

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 3458911817-239921721
Opcode ID: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
Instruction ID: 1bd6b3d1ea577530dd0df7c102937157f977903b8c2d7e0448e351757e601ae5
Opcode Fuzzy Hash: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
Instruction Fuzzy Hash: BA51A032A1864286EF20DF21DD815B96761FB4D7C4F448136EA4DC76B6DF3CE404AB42

Function 00007FF62B669280 Relevance: 3.0, APIs: 2, Instructions: 29COMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNELBASE ref: 00007FF62B6692B3
FindClose.KERNELBASE ref: 00007FF62B6692C2

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
Instruction ID: 1b10c08e9e162b89e7f00fb2e5f576f0b653b595c0d1b48da7a7320a6c145ef6
Opcode Fuzzy Hash: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
Instruction Fuzzy Hash: 1BF0C832A1878386FB608B60BC887667350FB8C368F040335DAAD426E4DF3CD058DB01

Function 00007FF62B6808C8 Relevance: 2.0, APIs: 1, Instructions: 461COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: CurrentFeaturePresentProcessProcessor
String ID:
API String ID: 1010374628-0
Opcode ID: 537422541fbed36a77ddee3a41e978a3695e14332b64c7d8d0a2d6c09592a1ae
Instruction ID: d561b4adc27b1ef5f9b0b976487b68919b575c35dc47f8b8f50e3d532ca04dcb
Opcode Fuzzy Hash: 537422541fbed36a77ddee3a41e978a3695e14332b64c7d8d0a2d6c09592a1ae
Instruction Fuzzy Hash: 9202BD21A1E65641FE619B129C002793690FF4EBE0F558A34DE6DCA7F2DE7DA404B703

Function 00007FF62B661950 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 184
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF62B667F90: _fread_nolock.LIBCMT ref: 00007FF62B66803A

_fread_nolock.LIBCMT ref: 00007FF62B661A1B

Part of subcall function 00007FF62B662910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF62B661B6A), ref: 00007FF62B66295E

Strings

fseek, xrefs: 00007FF62B6619F5
fread, xrefs: 00007FF62B661A32, 00007FF62B661B5C
Could not allocate buffer for TOC!, xrefs: 00007FF62B661B1B
malloc, xrefs: 00007FF62B661B22
Error on file., xrefs: 00007FF62B661B8D
Failed to seek to cookie position!, xrefs: 00007FF62B6619EE
Could not allocate memory for archive structure!, xrefs: 00007FF62B661A61
calloc, xrefs: 00007FF62B661A68
Failed to read cookie!, xrefs: 00007FF62B661A2B
Could not read full TOC!, xrefs: 00007FF62B661B55
MEI, xrefs: 00007FF62B661991

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _fread_nolock$CurrentProcess
String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
API String ID: 2397952137-3497178890
Opcode ID: 507f08f26e205d920f148b85cad333997b9676a31346628d4d7d58e95cedc463
Instruction ID: d1ef24804fa62ce1ffd34a25b0e9c6ed789855178a1b4b2aec1744839c36f429
Opcode Fuzzy Hash: 507f08f26e205d920f148b85cad333997b9676a31346628d4d7d58e95cedc463
Instruction Fuzzy Hash: 3881C271E08A8786EF20DB25D8442B923A0FF8D784F445031DA8DC77A5EE7CE585AB42

Function 00007FF62B661600 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

fseek, xrefs: 00007FF62B6616E1
fread, xrefs: 00007FF62B6617E6
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF62B6617DF
fwrite, xrefs: 00007FF62B6617D1
malloc, xrefs: 00007FF62B661749
fopen, xrefs: 00007FF62B661663
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF62B6616DA
Failed to create symbolic link %s!, xrefs: 00007FF62B661622
Failed to extract %s: failed to open target file!, xrefs: 00007FF62B66165C
Failed to extract %s: failed to allocate temporary buffer!, xrefs: 00007FF62B661742
Failed to extract %s: failed to write data chunk!, xrefs: 00007FF62B6617CA
Failed to extract %s: failed to open archive file!, xrefs: 00007FF62B6616A2

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
API String ID: 2050909247-1550345328
Opcode ID: 1024a7a5ee8cd7a3c756baff70d017aadc137d22fcd9cea75d224d6f76c21f88
Instruction ID: 9f47cc8defbb588650b944fcf39a4f9afe59fefbf43d0ca8993e6b2e2bb2ab0f
Opcode Fuzzy Hash: 1024a7a5ee8cd7a3c756baff70d017aadc137d22fcd9cea75d224d6f76c21f88
Instruction Fuzzy Hash: A351BC61F0864392EE14AB21AC101B923A0FF8D794F484531EE4CC7BB6DE7DE599B742

Function 00007FF62B668660 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 116
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTempPathW.KERNEL32(?,?,00000000,00007FF62B663CBB), ref: 00007FF62B668704
GetCurrentProcessId.KERNEL32(?,00000000,00007FF62B663CBB), ref: 00007FF62B66870A
CreateDirectoryW.KERNELBASE(?,00000000,00007FF62B663CBB), ref: 00007FF62B66874C

Part of subcall function 00007FF62B668830: GetEnvironmentVariableW.KERNEL32(00007FF62B66388E), ref: 00007FF62B668867
Part of subcall function 00007FF62B668830: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF62B668889

Part of subcall function 00007FF62B678238: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62B678251

Part of subcall function 00007FF62B662810: MessageBoxW.USER32 ref: 00007FF62B6628EA

Strings

TMP, xrefs: 00007FF62B66869C, 00007FF62B6687A3
TMP, xrefs: 00007FF62B6686C2
_MEI%d, xrefs: 00007FF62B668712
LOADER: failed to set the TMP environment variable., xrefs: 00007FF62B6686DC
LOADER: length of teporary directory path exceeds maximum path length!, xrefs: 00007FF62B66877E

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
API String ID: 3563477958-1339014028
Opcode ID: 191653d34e5a06968e8282251bef030903df87164e49fe651f79a53b4d97858f
Instruction ID: 58b43e11d42f98b9e637da997d7f056f96a78b3b6ef6f5203bea9e0b7499112c
Opcode Fuzzy Hash: 191653d34e5a06968e8282251bef030903df87164e49fe651f79a53b4d97858f
Instruction Fuzzy Hash: 25419E11A1964384FE24AB76AC552B91291FF8D7C0F844136ED0DCB7FAEE3CE905A742

Function 00007FF62B661210 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 158
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

malloc, xrefs: 00007FF62B6612C1, 00007FF62B6612F6
Failed to extract %s: inflateInit() failed with return code %d!, xrefs: 00007FF62B661276
Failed to extract %s: failed to allocate temporary output buffer!, xrefs: 00007FF62B6612EF
Failed to extract %s: failed to allocate temporary input buffer!, xrefs: 00007FF62B6612BA
1.3.1, xrefs: 00007FF62B661249
Failed to extract %s: decompression resulted in return code %d!, xrefs: 00007FF62B66141E

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: CurrentProcess
String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
API String ID: 2050909247-2813020118
Opcode ID: b715c76ab38b7b4dfee5c32bc52a61b3ea5d4668c2ab7e2166fd60b1101cc4ae
Instruction ID: 28105d6f899eaaa9a861faf75c35d519e24e17029db1a47c5ee9c54cd0063abf
Opcode Fuzzy Hash: b715c76ab38b7b4dfee5c32bc52a61b3ea5d4668c2ab7e2166fd60b1101cc4ae
Instruction Fuzzy Hash: D851C522E0864385EE209B12AC503BA6290FF89794F484135ED4DC7BF5EF3CE585E742

Function 00007FF62B67ED10 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(?,?,?,00007FF62B67F0AA,?,?,-00000018,00007FF62B67AD53,?,?,?,00007FF62B67AC4A,?,?,?,00007FF62B675F3E), ref: 00007FF62B67EE8C
GetProcAddress.KERNEL32(?,?,?,00007FF62B67F0AA,?,?,-00000018,00007FF62B67AD53,?,?,?,00007FF62B67AC4A,?,?,?,00007FF62B675F3E), ref: 00007FF62B67EE98

Strings

ext-ms-, xrefs: 00007FF62B67EDE9
api-ms-, xrefs: 00007FF62B67EDD6

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
Instruction ID: 9285874917a29f69287ffd2856eb31858cc3e961a75ba8983bb2dc6d249f8d7e
Opcode Fuzzy Hash: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
Instruction Fuzzy Hash: 3E41E021B19A0281FE15CB56AC106752299FF4DBD0F888939DD1DCFBA4EE7CE449B302

Function 00007FF62B6636B0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32(?,00007FF62B663804), ref: 00007FF62B6636E1
GetLastError.KERNEL32(?,00007FF62B663804), ref: 00007FF62B6636EB

Part of subcall function 00007FF62B662C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF62B663706,?,00007FF62B663804), ref: 00007FF62B662C9E
Part of subcall function 00007FF62B662C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF62B663706,?,00007FF62B663804), ref: 00007FF62B662D63
Part of subcall function 00007FF62B662C50: MessageBoxW.USER32 ref: 00007FF62B662D99

Strings

Failed to obtain executable path., xrefs: 00007FF62B6636F3
GetModuleFileNameW, xrefs: 00007FF62B6636FA
Failed to convert executable path to UTF-8., xrefs: 00007FF62B663790
\\?\, xrefs: 00007FF62B66375A
Failed to resolve full path to executable %ls., xrefs: 00007FF62B663739

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
API String ID: 3187769757-2863816727
Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
Instruction ID: 5a43601e797436ca80655bcfc628728584b181774cf045be084b71b178f69995
Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
Instruction Fuzzy Hash: 2D21B261B1C64381FF249B24EC143B62261FF8C384F844236EA6DC25F6EE2CE109E306

Function 00007FF62B67BA5C Relevance: 10.8, APIs: 7, Instructions: 290
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B67BE89

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 1c0df5e74df0118619baac061aee596465bcef498cfc928fc9eaa168a483e3b3
Instruction ID: 8879ae1d39d9ec6a558fdfed77c4eaf11410eb21d6ac346bc7dcfb4a61f5f917
Opcode Fuzzy Hash: 1c0df5e74df0118619baac061aee596465bcef498cfc928fc9eaa168a483e3b3
Instruction Fuzzy Hash: FFC10422A1C68782EE608B159C542BD7B50FB89BD0F5D4131EA4D8B7B1CEFDE845B702

Function 00007FF62B668570 Relevance: 10.6, APIs: 7, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF62B668590
OpenProcessToken.ADVAPI32 ref: 00007FF62B6685A3
GetTokenInformation.KERNELBASE ref: 00007FF62B6685C8
GetLastError.KERNEL32 ref: 00007FF62B6685D2
GetTokenInformation.KERNELBASE ref: 00007FF62B668612
ConvertSidToStringSidW.ADVAPI32 ref: 00007FF62B66862E
CloseHandle.KERNEL32 ref: 00007FF62B668646

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
String ID:
API String ID: 995526605-0
Opcode ID: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
Instruction ID: bb971bd7026485f93b56731fb4da14d6bd27d07399e0fc813be236fac6943895
Opcode Fuzzy Hash: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
Instruction Fuzzy Hash: 8A216731A0C64342EF508B65B94423AA3A0FF997E0F540235E66DC7BF5DE7DE8459B01

Function 00007FF62B6690E0 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 64
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF62B668570: GetCurrentProcess.KERNEL32 ref: 00007FF62B668590
Part of subcall function 00007FF62B668570: OpenProcessToken.ADVAPI32 ref: 00007FF62B6685A3
Part of subcall function 00007FF62B668570: GetTokenInformation.KERNELBASE ref: 00007FF62B6685C8
Part of subcall function 00007FF62B668570: GetLastError.KERNEL32 ref: 00007FF62B6685D2
Part of subcall function 00007FF62B668570: GetTokenInformation.KERNELBASE ref: 00007FF62B668612
Part of subcall function 00007FF62B668570: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF62B66862E
Part of subcall function 00007FF62B668570: CloseHandle.KERNEL32 ref: 00007FF62B668646

LocalFree.KERNEL32(?,00007FF62B663C55), ref: 00007FF62B66916C
LocalFree.KERNEL32(?,00007FF62B663C55), ref: 00007FF62B669175

Strings

D:(A;;FA;;;%s)(A;;FA;;;%s), xrefs: 00007FF62B669142
Security descriptor string length exceeds PYI_PATH_MAX!, xrefs: 00007FF62B669183
D:(A;;FA;;;%s), xrefs: 00007FF62B669157
S-1-3-4, xrefs: 00007FF62B669121

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
API String ID: 6828938-1529539262
Opcode ID: 5ed7a9ba3e6ce910408607b93085540bd422a8d0f9e00f9f84049ca226c14b37
Instruction ID: 5c9689665075fe595c729b9c63e549eae7f2c176a244c2989a3f928be8684f9a
Opcode Fuzzy Hash: 5ed7a9ba3e6ce910408607b93085540bd422a8d0f9e00f9f84049ca226c14b37
Instruction Fuzzy Hash: E7214F31A08A8281FF549B10ED153EA6261FF8D780F944036EA4DD77A6DF3CE805A741

Function 00007FF62B667E20 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(00000000,?,00007FF62B66352C,?,00000000,00007FF62B663F23), ref: 00007FF62B667F32

Strings

\, xrefs: 00007FF62B667E97
%.*s, xrefs: 00007FF62B667EEB
%s%c, xrefs: 00007FF62B667EA4

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: CreateDirectory
String ID: %.*s$%s%c$\
API String ID: 4241100979-1685191245
Opcode ID: 302ffdc47f1f131389ecc473fe7ae023bae846d875cccfc6523225b15fd92315
Instruction ID: b5c4b16238d6d076952b937bdf76a4829e66954c9f703ac7ae2975b2e47c650c
Opcode Fuzzy Hash: 302ffdc47f1f131389ecc473fe7ae023bae846d875cccfc6523225b15fd92315
Instruction Fuzzy Hash: 5731C331619AC245FE219B21EC107BA6254FF8CBE4F444231EE6D877E9EE3CD6459702

Function 00007FF62B67CF60 Relevance: 6.2, APIs: 4, Instructions: 218COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF62B67CF4B), ref: 00007FF62B67D07C
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF62B67CF4B), ref: 00007FF62B67D107

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
Instruction ID: a90ca90a280d0efc15db828fed9891f77175ee62470074b236ae656a7552fd61
Opcode Fuzzy Hash: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
Instruction Fuzzy Hash: 8C91C372F1865185FF608F659C402BD2BA0FB48B88F144539DE0E9AAE4DF78D442F702

Function 00007FF62B67F98C Relevance: 6.2, APIs: 4, Instructions: 162COMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF62B67FA7C
_get_daylight.LIBCMT ref: 00007FF62B67FA8D
_get_daylight.LIBCMT ref: 00007FF62B67FA9E
_isindst.LIBCMT ref: 00007FF62B67FB69

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _get_daylight$_isindst
String ID:
API String ID: 4170891091-0
Opcode ID: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
Instruction ID: 5173b53f9e0f95f1f8e07d29ce713b744887fc596d6ea8cf57165f5fdbb153da
Opcode Fuzzy Hash: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
Instruction Fuzzy Hash: 9C51F672F042528AEF14CF649D55ABC27A1FF58758F500236DD1D9AAF5DF38A402AB02

Function 00007FF62B67577C Relevance: 6.1, APIs: 4, Instructions: 119pipeCOMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE ref: 00007FF62B6757AF
GetFileInformationByHandle.KERNELBASE ref: 00007FF62B675811
GetLastError.KERNEL32 ref: 00007FF62B6758A2
PeekNamedPipe.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF62B6756B4), ref: 00007FF62B6758EE

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: File$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 2780335769-0
Opcode ID: 6aefb500db5e0848cb3e1a230f039049599ff649377a7022c72adab745f1037c
Instruction ID: 521371a3defc6e9c17ff2fa56032f0d0fb05054a081dfc662738d4065c6940cb
Opcode Fuzzy Hash: 6aefb500db5e0848cb3e1a230f039049599ff649377a7022c72adab745f1037c
Instruction Fuzzy Hash: 28518C22E186418AFB10CFB1D8503BD27A1FB4CB98F148575DE0D9B6AADF78D441E742

Function 00007FF62B675628 Relevance: 6.1, APIs: 4, Instructions: 90fileCOMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B675655
CreateFileW.KERNELBASE ref: 00007FF62B675694
CloseHandle.KERNEL32 ref: 00007FF62B6756C9

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: CloseCreateFileHandle_invalid_parameter_noinfo
String ID:
API String ID: 1279662727-0
Opcode ID: 8f3d5377b4ca72f71b0fe910297a4b2920b1cd85568e136600ee028e7f718979
Instruction ID: 320e004e84ae81c38580b6e8f2e5ad2f3fe1a03b467e69c8ab95241f1e49efdf
Opcode Fuzzy Hash: 8f3d5377b4ca72f71b0fe910297a4b2920b1cd85568e136600ee028e7f718979
Instruction Fuzzy Hash: F441A722D2878183EB508B2099143797360FB987A4F108335E69C4BAF2DFBCA1E0A701

Function 00007FF62B66CC3C Relevance: 4.6, APIs: 3, Instructions: 94COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF62B66CE0C: __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF62B66CE20

__scrt_acquire_startup_lock.LIBCMT ref: 00007FF62B66CC60
__scrt_release_startup_lock.LIBCMT ref: 00007FF62B66CCCE
__scrt_get_show_window_mode.LIBCMT ref: 00007FF62B66CD21

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
String ID:
API String ID: 3251591375-0
Opcode ID: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
Instruction ID: 74f1399c2fc0cebce41157075c85160e9387a689c9bf33d43aa24e63dda89bba
Opcode Fuzzy Hash: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
Instruction Fuzzy Hash: AE314721E4994355FE14AB659C223B92292FF8E784F445434EA0ECB2F7DE6DB804F243

Function 00007FF62B679A30 Relevance: 4.5, APIs: 3, Instructions: 14COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,00007FF62B679A2C), ref: 00007FF62B679A41
TerminateProcess.KERNEL32(?,?,?,00007FF62B679A2C), ref: 00007FF62B679A4C
ExitProcess.KERNEL32 ref: 00007FF62B679A5B

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 148d460979eed4a43ebbf671c65dc2dc638c0d89c9c01e8e00358d5495882c84
Instruction ID: d4fc7e119b91f56dbdd165bd53072eefd7b596c1349321166f82a252269c65f4
Opcode Fuzzy Hash: 148d460979eed4a43ebbf671c65dc2dc638c0d89c9c01e8e00358d5495882c84
Instruction Fuzzy Hash: 21D09E10B0974752EF192B705C552781295FF4DB41F181438C95BCA3F3ED6DA84D7302

Function 00007FF62B67013C Relevance: 3.2, APIs: 2, Instructions: 177COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B670180
_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B670277

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
Instruction ID: 29c4a968f941f25f83820c9cd3f44c6cb9bf0b72a62aba59042f5c4176d1b01d
Opcode Fuzzy Hash: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
Instruction Fuzzy Hash: 3D510722B1924286EF249A659C0067A7291FF8CBB4F184734DD7D8B7F5CEBCD440B622

Function 00007FF62B67C134 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNELBASE(?,?,?,?,?,00007FF62B67C2CD), ref: 00007FF62B67C180
GetLastError.KERNEL32(?,?,?,?,?,00007FF62B67C2CD), ref: 00007FF62B67C18A

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
Instruction ID: 75d9d6b910fb63102a675524f28df062235322e7c82744aa3202375215f93d71
Opcode Fuzzy Hash: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
Instruction Fuzzy Hash: 2C11C861718A8181EE208B15BC541696352FB49FF4F544331EE7D8B7F5DE7CD011A701

Function 00007FF62B675924 Relevance: 3.0, APIs: 2, Instructions: 40timeCOMMON

Download Yara Rule

APIs

FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF62B675839), ref: 00007FF62B675957
SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF62B675839), ref: 00007FF62B67596D

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: Time$System$FileLocalSpecific
String ID:
API String ID: 1707611234-0
Opcode ID: 497c6f3b45805196ef8f930e068bad9451f3f50de380bc241881b145e929bf5b
Instruction ID: a9949754e3548e68ad8d361a183b924c01774a2088079c7eaa310f98b41639ec
Opcode Fuzzy Hash: 497c6f3b45805196ef8f930e068bad9451f3f50de380bc241881b145e929bf5b
Instruction Fuzzy Hash: AD118F3160C682C2EE548B14A81103AB760FB897B1F500236F7A9C59E8EF6CD014FB01

Function 00007FF62B67A948 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,?,?,00007FF62B682D22,?,?,?,00007FF62B682D5F,?,?,00000000,00007FF62B683225,?,?,?,00007FF62B683157), ref: 00007FF62B67A95E
GetLastError.KERNEL32(?,?,?,00007FF62B682D22,?,?,?,00007FF62B682D5F,?,?,00000000,00007FF62B683225,?,?,?,00007FF62B683157), ref: 00007FF62B67A968

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
Instruction ID: e533388b85bf1fb503a6e82bc073ade5ec342091732d6b68d76f71a7bec6f5fe
Opcode Fuzzy Hash: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
Instruction Fuzzy Hash: D9E08C10F2920383FF086BF2AC991381250FF8DB40F4C4030CA1DCA2B2EE6C6895B712

Function 00007FF62B67AB58 Relevance: 2.6, APIs: 2, Instructions: 59COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?,?,?,00007FF62B67A9D5,?,?,00000000,00007FF62B67AA8A), ref: 00007FF62B67ABC6
GetLastError.KERNEL32(?,?,?,00007FF62B67A9D5,?,?,00000000,00007FF62B67AA8A), ref: 00007FF62B67ABD0

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: CloseErrorHandleLast
String ID:
API String ID: 918212764-0
Opcode ID: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
Instruction ID: 0c9a8d85723b52bdf62c2b5c582fa4cd20c8978e3e33d97740b0dc0c53288855
Opcode Fuzzy Hash: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
Instruction Fuzzy Hash: C5218411F1868241EE9497519C9437D1682FF8CBA0F184239DA3ECB7F1CEEDA8457702

Function 00007FF62B67BEAC Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B67BED4

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
Instruction ID: b5473ba99107420edd092bbe8432590edf9135fae3760aa77a4a60b884f77459
Opcode Fuzzy Hash: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
Instruction Fuzzy Hash: E841C63291824287EE349B19AD5017973A0FB5DB90F180131D79ECB6E5CFADE402FB52

Function 00007FF62B667F90 Relevance: 1.6, APIs: 1, Instructions: 85COMMON

Download Yara Rule

APIs

_fread_nolock.LIBCMT ref: 00007FF62B66803A

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _fread_nolock
String ID:
API String ID: 840049012-0
Opcode ID: 12c7421bf9d851de3930d973ff4776f23e58c204998b3b00b1158df84cf7151e
Instruction ID: 7075e56e5c91c4014fd889cf17a73c4aed5a9de9f5d2f2adc7b7a8eca827a300
Opcode Fuzzy Hash: 12c7421bf9d851de3930d973ff4776f23e58c204998b3b00b1158df84cf7151e
Instruction Fuzzy Hash: 43219121F1865246FE509A32AD043BAA651FF4DBD4F885831EE0D8B796CE7DF045EA02

Function 00007FF62B67B93C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B67B9C2

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 0fe3e981c7cf3185d146a9a4244026f2f164e791e6f92d2a50fd94940550a020
Instruction ID: 14e29f3c0f171d8e78773b5a9b4c32a9a3755c4c063e9039edd4222bd73ce7fc
Opcode Fuzzy Hash: 0fe3e981c7cf3185d146a9a4244026f2f164e791e6f92d2a50fd94940550a020
Instruction Fuzzy Hash: F631A022E2865285FF116B558C5037C2690FF89BA0F590235EA6D8B7F2DEFCA441B713

Function 00007FF62B679961 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF62B67998F

Part of subcall function 00007FF62B679A88: GetModuleHandleExW.KERNEL32 ref: 00007FF62B679AAD
Part of subcall function 00007FF62B679A88: GetProcAddress.KERNEL32 ref: 00007FF62B679AC3
Part of subcall function 00007FF62B679A88: FreeLibrary.KERNEL32 ref: 00007FF62B679AEA

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: HandleModule$AddressFreeLibraryProc
String ID:
API String ID: 3947729631-0
Opcode ID: 42808d7c08696a35870eb95595f0ae95ff90971c005bfc8769c42bb91e99b0de
Instruction ID: 199d24b08fad527ad43fb7cc36885f708d38dd4c7ae40ef54bc1307ba4e7ccac
Opcode Fuzzy Hash: 42808d7c08696a35870eb95595f0ae95ff90971c005bfc8769c42bb91e99b0de
Instruction Fuzzy Hash: E9218B72A057469AEF248F64C8803AC33A0FB4C718F180636D76C8ABE5DFB8D584E741

Function 00007FF62B675F94 Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B675EF9

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
Instruction ID: 6f4e3c665eb4618c5ce46a8004443ce27436371a7c3b1dc510dc8301e2bb6cf8
Opcode Fuzzy Hash: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
Instruction Fuzzy Hash: 00115121A2C64181FE609F119C0017DA664FF89B84F444475EA4CDFAB7CFBDD440BB42

Function 00007FF62B686354 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B686377

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
Instruction ID: 67d0af190f8c59f136381b61bc43077ea22451342349c0e9ebf8d6d0166dd5e2
Opcode Fuzzy Hash: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
Instruction Fuzzy Hash: DA219232A18A4287DF618F18D84037976A1FB89B94F245234E75DC76E9DF3CD415EB01

Function 00007FF62B6703BC Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B670410

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
Instruction ID: d814708151992613caa2736df3ae9c152a268e52538a29c74b72f8942da631d1
Opcode Fuzzy Hash: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
Instruction Fuzzy Hash: 3A01C422A1874180EE04DF629D01069B691FF89FE0F584631EE6C9BBEACEBCD411B301

Function 00007FF62B677EFC Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B677F3A

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: eb4e03bbc0b04cbc85d5aa4284f536322b5632f0a5d263bd1b62b358e696f9c3
Instruction ID: 95d065244ff1b3a46a1f8cb5b1adcf2a2ad27245733db7112a6ea2974041d2bb
Opcode Fuzzy Hash: eb4e03bbc0b04cbc85d5aa4284f536322b5632f0a5d263bd1b62b358e696f9c3
Instruction Fuzzy Hash: ED015E30E1D68340FE60AB626E411795690FF4C7E0F944635EA6CCAAF6DFACA4417683

Function 00007FF62B678238 Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B678251

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 3541b91b086c77dfe17527b78ee7977ece0d5fdea915d925a3ffaee66e22a6c2
Instruction ID: aa920a409611447e0445fa4c08c87b91f2a0cf46c131b90540d90301c649be5f
Opcode Fuzzy Hash: 3541b91b086c77dfe17527b78ee7977ece0d5fdea915d925a3ffaee66e22a6c2
Instruction Fuzzy Hash: 9DE04660E1C70286FE112AA50C821781120FF9D340F440030E9288E2F3EDAC7C847263

Function 00007FF62B67EB98 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,00000000,00007FF62B67B32A,?,?,?,00007FF62B674F11,?,?,?,?,00007FF62B67A48A), ref: 00007FF62B67EBED

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 0190c006dd090f1dc8136ef035d08a675b61e1fdbed98732a32380f018d60316
Instruction ID: f84f7de4d59cae5fab767ed4aaad20dcbd408605fdaefd3d989b672b8fe51c06
Opcode Fuzzy Hash: 0190c006dd090f1dc8136ef035d08a675b61e1fdbed98732a32380f018d60316
Instruction Fuzzy Hash: 50F04958B0920281FE5856A59E552B40688FF8DB80F4C9530C90FCE2F2ED9CA4887A12

Function 00007FF62B67D5FC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,?,00007FF62B670C90,?,?,?,00007FF62B6722FA,?,?,?,?,?,00007FF62B673AE9), ref: 00007FF62B67D63A

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
Instruction ID: 581deee2dd055f28f21e480c8c653a48c6277fa0fe787b9451162b47155e82d4
Opcode Fuzzy Hash: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
Instruction Fuzzy Hash: 12F0F890F1924745FE649B715C516751290FF8D7A0F0C4B30DD2ECA6E2EEADA480B612

Non-executed Functions

Function 00007FF62B665830 Relevance: 229.6, APIs: 86, Strings: 45, Instructions: 400libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,00007FF62B6664CF,?,00007FF62B66336E), ref: 00007FF62B665840
GetLastError.KERNEL32(?,00007FF62B6664CF,?,00007FF62B66336E), ref: 00007FF62B665852
GetProcAddress.KERNEL32(?,00007FF62B6664CF,?,00007FF62B66336E), ref: 00007FF62B665889
GetLastError.KERNEL32(?,00007FF62B6664CF,?,00007FF62B66336E), ref: 00007FF62B66589B
GetProcAddress.KERNEL32(?,00007FF62B6664CF,?,00007FF62B66336E), ref: 00007FF62B6658B4
GetLastError.KERNEL32(?,00007FF62B6664CF,?,00007FF62B66336E), ref: 00007FF62B6658C6
GetProcAddress.KERNEL32(?,00007FF62B6664CF,?,00007FF62B66336E), ref: 00007FF62B6658DF
GetLastError.KERNEL32(?,00007FF62B6664CF,?,00007FF62B66336E), ref: 00007FF62B6658F1
GetProcAddress.KERNEL32(?,00007FF62B6664CF,?,00007FF62B66336E), ref: 00007FF62B66590D
GetLastError.KERNEL32(?,00007FF62B6664CF,?,00007FF62B66336E), ref: 00007FF62B66591F
GetProcAddress.KERNEL32(?,00007FF62B6664CF,?,00007FF62B66336E), ref: 00007FF62B66593B
GetLastError.KERNEL32(?,00007FF62B6664CF,?,00007FF62B66336E), ref: 00007FF62B66594D
GetProcAddress.KERNEL32(?,00007FF62B6664CF,?,00007FF62B66336E), ref: 00007FF62B665969
GetLastError.KERNEL32(?,00007FF62B6664CF,?,00007FF62B66336E), ref: 00007FF62B66597B
GetProcAddress.KERNEL32(?,00007FF62B6664CF,?,00007FF62B66336E), ref: 00007FF62B665997
GetLastError.KERNEL32(?,00007FF62B6664CF,?,00007FF62B66336E), ref: 00007FF62B6659A9
GetProcAddress.KERNEL32(?,00007FF62B6664CF,?,00007FF62B66336E), ref: 00007FF62B6659C5
GetLastError.KERNEL32(?,00007FF62B6664CF,?,00007FF62B66336E), ref: 00007FF62B6659D7

Strings

PyUnicode_FromFormat, xrefs: 00007FF62B665F4D, 00007FF62B665F6F
PyConfig_SetString, xrefs: 00007FF62B665A45, 00007FF62B665A67
PyObject_CallFunction, xrefs: 00007FF62B665CF7, 00007FF62B665D19
PyErr_Clear, xrefs: 00007FF62B665AA1, 00007FF62B665AC3
PyImport_AddModule, xrefs: 00007FF62B665BE3, 00007FF62B665C05
PyUnicode_Decode, xrefs: 00007FF62B665EF1, 00007FF62B665F13
PyObject_CallFunctionObjArgs, xrefs: 00007FF62B665D25, 00007FF62B665D47
PyObject_Str, xrefs: 00007FF62B665DAF, 00007FF62B665DD1
PyStatus_Exception, xrefs: 00007FF62B665E39, 00007FF62B665E5B
PyObject_SetAttrString, xrefs: 00007FF62B665D81, 00007FF62B665DA3
PyModule_GetDict, xrefs: 00007FF62B665CC9, 00007FF62B665CEB
PyObject_GetAttrString, xrefs: 00007FF62B665D53, 00007FF62B665D75
Py_InitializeFromConfig, xrefs: 00007FF62B665903, 00007FF62B665925
Py_PreInitialize, xrefs: 00007FF62B66595F, 00007FF62B665981
PyImport_ExecCodeModule, xrefs: 00007FF62B665C11, 00007FF62B665C33
PyConfig_SetBytesString, xrefs: 00007FF62B665A17, 00007FF62B665A39
PyUnicode_AsUTF8, xrefs: 00007FF62B665EC3, 00007FF62B665EE5
PyImport_ImportModule, xrefs: 00007FF62B665C3F, 00007FF62B665C61
PyPreConfig_InitIsolatedConfig, xrefs: 00007FF62B665DDD, 00007FF62B665DFF
PyConfig_Clear, xrefs: 00007FF62B66598D, 00007FF62B6659AF
PyMarshal_ReadObjectFromString, xrefs: 00007FF62B665C6D, 00007FF62B665C8F
PyErr_Fetch, xrefs: 00007FF62B665ACF, 00007FF62B665AF1
PySys_SetObject, xrefs: 00007FF62B665E95, 00007FF62B665EB7
PyConfig_InitIsolatedConfig, xrefs: 00007FF62B6659BB, 00007FF62B6659DD
Py_ExitStatusException, xrefs: 00007FF62B6658AA, 00007FF62B6658CC
Py_Finalize, xrefs: 00007FF62B6658D5, 00007FF62B6658F7
PyMem_RawFree, xrefs: 00007FF62B665C9B, 00007FF62B665CBD
PyErr_Restore, xrefs: 00007FF62B665B87, 00007FF62B665BA9
Failed to get address for %hs, xrefs: 00007FF62B665861
Py_DecRef, xrefs: 00007FF62B665836, 00007FF62B665858
PyConfig_SetWideStringList, xrefs: 00007FF62B665A73, 00007FF62B665A95
PyErr_Occurred, xrefs: 00007FF62B665B2B, 00007FF62B665B4D
Py_IsInitialized, xrefs: 00007FF62B665931, 00007FF62B665953
PyErr_Print, xrefs: 00007FF62B665B59, 00007FF62B665B7B
PyUnicode_Replace, xrefs: 00007FF62B665FD7, 00007FF62B665FF9
PyEval_EvalCode, xrefs: 00007FF62B665BB5, 00007FF62B665BD7
GetProcAddress, xrefs: 00007FF62B665868
PyUnicode_FromString, xrefs: 00007FF62B665F7B, 00007FF62B665F9D
PyConfig_Read, xrefs: 00007FF62B6659E9, 00007FF62B665A0B
PyUnicode_DecodeFSDefault, xrefs: 00007FF62B665F1F, 00007FF62B665F41
PySys_GetObject, xrefs: 00007FF62B665E67, 00007FF62B665E89
PyErr_NormalizeException, xrefs: 00007FF62B665AFD, 00007FF62B665B1F
PyRun_SimpleStringFlags, xrefs: 00007FF62B665E0B, 00007FF62B665E2D
PyUnicode_Join, xrefs: 00007FF62B665FA9, 00007FF62B665FCB
Py_DecodeLocale, xrefs: 00007FF62B66587F, 00007FF62B6658A1

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: AddressErrorLastProc
String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
API String ID: 199729137-653951865
Opcode ID: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
Instruction ID: 8f514aef29a0f82988a23bdf235a329a8f4334bb3bc1294111b7e17f17a9d365
Opcode Fuzzy Hash: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
Instruction Fuzzy Hash: 2422C164A0AB1B91FE549B55BC915B423A1FF1E780F581039C92E826B2FF7DB44CB243

Function 00007FF62B6840AC Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1226COMMON

Download Yara Rule

APIs

fegetenv.LIBCMT ref: 00007FF62B6840FA
_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B684766
_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B6848DC
_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B684B9A
_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B684DBA
_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B684FF7
memcpy_s.LIBCPMT ref: 00007FF62B6850D2
memcpy_s.LIBCPMT ref: 00007FF62B68517D
memcpy_s.LIBCPMT ref: 00007FF62B68524C

Strings

1#IND, xrefs: 00007FF62B6841E7
1#QNAN, xrefs: 00007FF62B684213
1#INF, xrefs: 00007FF62B684223
1#SNAN, xrefs: 00007FF62B68420A

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 808467561-2761157908
Opcode ID: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
Instruction ID: d1aae5d88fd354859806daec858382c57df91827d1047c4f142bc79211741b6f
Opcode Fuzzy Hash: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
Instruction Fuzzy Hash: 0BB2E372E182828BEB358E64D8407FD77A1FB593C8F445135DA0D9BEA4DF38A908DB41

Function 00007FF62B66ACAD Relevance: 12.0, Strings: 9, Instructions: 744COMMON

Download Yara Rule

Strings

invalid literal/lengths set, xrefs: 00007FF62B66B133
invalid distance code, xrefs: 00007FF62B66B5B4
invalid distance too far back, xrefs: 00007FF62B66B670
invalid code lengths set, xrefs: 00007FF62B66AE2D
invalid distances set, xrefs: 00007FF62B66B1A0
invalid code -- missing end-of-block, xrefs: 00007FF62B66B0C6
invalid literal/length code, xrefs: 00007FF62B66B3E2
invalid bit length repeat, xrefs: 00007FF62B66B099
too many length or distance symbols, xrefs: 00007FF62B66AE46

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID:
String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
API String ID: 0-2665694366
Opcode ID: 55880860ec2df9374ed9e05eb7c1f9660e2769407a38999da05ffb99d6c3dc89
Instruction ID: ff61a3136736f2f16d79910cbe7843226ed4c2df9127c582b1e4d36699a87136
Opcode Fuzzy Hash: 55880860ec2df9374ed9e05eb7c1f9660e2769407a38999da05ffb99d6c3dc89
Instruction Fuzzy Hash: AB52F472A186A78BDBA48F14C898B7E3BA9FB48340F054139E65AC7790DF3DD844DB41

Function 00007FF62B66D12C Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF62B66D148
RtlCaptureContext.KERNEL32 ref: 00007FF62B66D175
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF62B66D18F
RtlVirtualUnwind.KERNEL32 ref: 00007FF62B66D1D0
IsDebuggerPresent.KERNEL32 ref: 00007FF62B66D224
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF62B66D241
UnhandledExceptionFilter.KERNEL32 ref: 00007FF62B66D24C

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
Instruction ID: 641b86a85b6db321a96d0d48418ad7df7c0282ea538efd653f0ff7238fd336cd
Opcode Fuzzy Hash: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
Instruction Fuzzy Hash: 8B313072608B8686EB608F61E8503ED7364FB89744F044039DA4D87BA5DF7DD548D711

Function 00007FF62B67A614 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF62B67A68D
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF62B67A6A5
RtlVirtualUnwind.KERNEL32 ref: 00007FF62B67A6E0
IsDebuggerPresent.KERNEL32 ref: 00007FF62B67A719
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF62B67A723
UnhandledExceptionFilter.KERNEL32 ref: 00007FF62B67A72E

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
Instruction ID: abc2b2ca0741cb33bf2f75523a277cc971a064a94813df6286795461f0e5ef1b
Opcode Fuzzy Hash: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
Instruction Fuzzy Hash: E6318236608B8286DF60CF25EC402AE73A4FB89798F540135EA9D87B65DF3DC159DB01

Function 00007FF62B681874 Relevance: 7.8, APIs: 5, Instructions: 282COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B6818C0
FindFirstFileExW.KERNEL32 ref: 00007FF62B6819CA

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: FileFindFirst_invalid_parameter_noinfo
String ID:
API String ID: 2227656907-0
Opcode ID: ee5daded1920a45b930385d49f4c9fb7106de6f00b6358014c2482279c1420ad
Instruction ID: 0c3478440b676391c7d559f7dbb0cd42b5ac6bcf2878561693d266ddc3aaef89
Opcode Fuzzy Hash: ee5daded1920a45b930385d49f4c9fb7106de6f00b6358014c2482279c1420ad
Instruction Fuzzy Hash: 79B1D662B1868241EE619B22DD002B963A0FF4EBE4F445131DE5D87BE5EF7CE485E701

Function 00007FF62B66D010 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF62B66D03C
GetCurrentThreadId.KERNEL32 ref: 00007FF62B66D04A
GetCurrentProcessId.KERNEL32 ref: 00007FF62B66D056
QueryPerformanceCounter.KERNEL32 ref: 00007FF62B66D066

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
Instruction ID: 4e5cd685bc134ec848cfeb0786e52746730f4a252b70c6d1fe03a0be00048948
Opcode Fuzzy Hash: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
Instruction Fuzzy Hash: 36110622B14F068AEF008B60EC542B933A4FB59758F480E31DA6D867B4EF78D1699341

Function 00007FF62B683C10 Relevance: 4.8, APIs: 3, Instructions: 340COMMON

Download Yara Rule

APIs

memcpy_s.LIBCPMT ref: 00007FF62B683C76
memcpy_s.LIBCPMT ref: 00007FF62B683CA1

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: memcpy_s
String ID:
API String ID: 1502251526-0
Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
Instruction ID: 737688dbe6ae59f5a58cc9409a913bf3174383d0e723215c3bd5cbce5091057d
Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
Instruction Fuzzy Hash: 89C11772B1928687DB24CF15E44866AB7A1F789BC4F488135DB4E83B54DF3DE809DB40

Function 00007FF62B66A474 Relevance: 4.1, Strings: 3, Instructions: 398COMMON

Download Yara Rule

Strings

header crc mismatch, xrefs: 00007FF62B66A921
, xrefs: 00007FF62B66A55B
unknown header flags set, xrefs: 00007FF62B66A4C5

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID:
String ID: $header crc mismatch$unknown header flags set
API String ID: 0-1127688429
Opcode ID: fcf6ea83c7a46010d3591867e81b0f53761d3f113121264a3729654d2d1b513f
Instruction ID: 1d455b34fba75503e311a54b7575fcf5165a148685b060a8f414c0d410e608ec
Opcode Fuzzy Hash: fcf6ea83c7a46010d3591867e81b0f53761d3f113121264a3729654d2d1b513f
Instruction Fuzzy Hash: 00F19772A143D64BEBA59F14C888B3E7AA9FF48740F054538DA59873A0CF3DE981DB41

Function 00007FF62B689728 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00007FF62B689977
RaiseException.KERNEL32 ref: 00007FF62B689988

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: a4cc0e8a2f7e024105bf8074fef1866164229a93701b52dcf00f6f20498becf3
Instruction ID: 5d31d1703ba99634ef1ca82056343188e0be13e2853ed483a7d00d47320d282c
Opcode Fuzzy Hash: a4cc0e8a2f7e024105bf8074fef1866164229a93701b52dcf00f6f20498becf3
Instruction Fuzzy Hash: B1B15C73A04B898BEB19CF29C84A3683BA0F749B88F199921DB5D837B4CF39D455D701

Function 00007FF62B6739A4 Relevance: 2.8, Strings: 2, Instructions: 350COMMON

Download Yara Rule

Strings

, xrefs: 00007FF62B673D54
, xrefs: 00007FF62B673B12

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-227171996
Opcode ID: e57f1980f4491aea9eb328a1e81193c2bccc9a7e68d1918bb9b7207cf9600634
Instruction ID: ec8bd69a32a2f5f3b15f3c6db0db0fcbfb60483f09634a8dac58c7d6a1669d9a
Opcode Fuzzy Hash: e57f1980f4491aea9eb328a1e81193c2bccc9a7e68d1918bb9b7207cf9600634
Instruction Fuzzy Hash: B1E1D632A4864685EF688F25895553D3360FF4CB48F289135DA0E8B7B4DF69E853F702

Function 00007FF62B66A2DB Relevance: 2.7, Strings: 2, Instructions: 216COMMON

Download Yara Rule

Strings

invalid window size, xrefs: 00007FF62B66A442
incorrect header check, xrefs: 00007FF62B66A45B

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID:
String ID: incorrect header check$invalid window size
API String ID: 0-900081337
Opcode ID: 7e7bac63e97a7e962ac1d8bc37368dc0e110af78d4507200a91f80e7c7b94e68
Instruction ID: 3c6e75effba45b3bcf78fdad82631f8b1724da30014072514a3f16d42aa195ab
Opcode Fuzzy Hash: 7e7bac63e97a7e962ac1d8bc37368dc0e110af78d4507200a91f80e7c7b94e68
Instruction Fuzzy Hash: B5919972A182C787EBA48E14C849B3E3AA9FB49350F154139DB59C67E0DF3DE580DB41

Function 00007FF62B67DEF0 Relevance: 2.6, Strings: 2, Instructions: 144COMMON

Download Yara Rule

Strings

e+000, xrefs: 00007FF62B67DFFD
gfff, xrefs: 00007FF62B67E07A

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID:
String ID: e+000$gfff
API String ID: 0-3030954782
Opcode ID: c8a24eaff8c968987b4d031b15ae93849e98bcf9eddb8930961e84febef9b5bc
Instruction ID: 5ededa70a1c5774356d7ef50992e5d2e3ce30f3f6cc371cc458d31ab74545327
Opcode Fuzzy Hash: c8a24eaff8c968987b4d031b15ae93849e98bcf9eddb8930961e84febef9b5bc
Instruction Fuzzy Hash: 9D517862B182C186EB248E35DC047696B91F748B94F48C231CBAC8FAE5CEBDD044E702

Function 00007FF62B67DA5C Relevance: 1.5, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

gfffffff, xrefs: 00007FF62B67DD9E

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID:
String ID: gfffffff
API String ID: 0-1523873471
Opcode ID: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
Instruction ID: 015b4bb1b0e7386a87dc7412106b68fd0b4f775f7b2f8aa3e5a61dd376f2ba37
Opcode Fuzzy Hash: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
Instruction Fuzzy Hash: 72A158A2A097C586EF21CF25A8007A97B95FB58B84F048532DE4D8B7E5DEBDD401E702

Function 00007FF62B678794 Relevance: 1.4, Strings: 1, Instructions: 177COMMON

Download Yara Rule

Strings

TMP, xrefs: 00007FF62B6787B3

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: TMP
API String ID: 3215553584-3125297090
Opcode ID: 09cdd7cf7fc9e7e425d724a32e8c9d3bd5c12dba7606eca5b930980d9b4d1239
Instruction ID: d6dc4a3f38e10984f629b7bf40ddf5f155924845a13ba3b8ec99f5cabcbd95ae
Opcode Fuzzy Hash: 09cdd7cf7fc9e7e425d724a32e8c9d3bd5c12dba7606eca5b930980d9b4d1239
Instruction Fuzzy Hash: B9519C11F2864241FE64AB275D0117A5290FF8CBD4F488435DE1ECBBA6EEBCF8567242

Function 00007FF62B683480 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF62B683484

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 1f9e0516fd534d967cb731c121838b59470578846d262458ea046ba55ab40ebf
Instruction ID: 3a2405948720ce37311b99a8f47494619bf9578db49120359a1c1ec01ed74b47
Opcode Fuzzy Hash: 1f9e0516fd534d967cb731c121838b59470578846d262458ea046ba55ab40ebf
Instruction Fuzzy Hash: 4BB09220E07A02C2EE082B216CA222822A4BF4C700F9C4138C00C84330DE2C20EA6B02

Function 00007FF62B6735A0 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5eca4e5ff3e7205525bf20f3b63783aa462e3e7adb0228d62bb7e98ab9f5e9bb
Instruction ID: b525985f2732fcca4c63c975dbd9637ccf0d4f30bdab4e23dac55ea17f5effca
Opcode Fuzzy Hash: 5eca4e5ff3e7205525bf20f3b63783aa462e3e7adb0228d62bb7e98ab9f5e9bb
Instruction Fuzzy Hash: 37D1B962A4864245EF68CE25885027D27A0FF09B48F1C8235CE0D8B7E5DFBDD846F742

Function 00007FF62B669800 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e75d751cc15dfd510e55d83c6141b0e8cb11d18cbed01e0c543b372a0114c593
Instruction ID: a6c7b53273cb23b51e573946001e50e0358a9145f9dceaaa51108b05579b0b1b
Opcode Fuzzy Hash: e75d751cc15dfd510e55d83c6141b0e8cb11d18cbed01e0c543b372a0114c593
Instruction Fuzzy Hash: 85C1BF722181E18BD289EB29E87947A73E1F78930DB95406BEF87477C5CB3CA414EB11

Function 00007FF62B672C10 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa73bfa000bc8cd66a05f12d530b76a597660d7bda6a6781f52cf2f49ffced0b
Instruction ID: 8c9f57598537ba8e2ec198a31cf4f7b59ebba1b631f7a4b7ce11e03a2748e9b6
Opcode Fuzzy Hash: aa73bfa000bc8cd66a05f12d530b76a597660d7bda6a6781f52cf2f49ffced0b
Instruction Fuzzy Hash: 6CB15C7290978585EB648F39C85423C3BA0F74EB48F284135CA8E8B3A5DFB9D441F746

Function 00007FF62B67E570 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9611c2e0762efa78d7f6da3d8515592aa8d86601c49200b7335873453b670326
Instruction ID: dfd9b07273c7271e964b71f41cac15bff636219463c2bd5715cf490a6ed85b4f
Opcode Fuzzy Hash: 9611c2e0762efa78d7f6da3d8515592aa8d86601c49200b7335873453b670326
Instruction Fuzzy Hash: 87811372A0838186EF74CB59D84037A7A95FB49794F104235DA8D8FBA9DF7DE004BB02

Function 00007FF62B686418 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 403f67b08c5d8b9127b9d27d37b93e2a1e0a746a19683c5483168a42cc689f1f
Instruction ID: 1146cedd7fcdc547da0e7f72ce355bb2721fee01e8a026579bcf4f3a0663889d
Opcode Fuzzy Hash: 403f67b08c5d8b9127b9d27d37b93e2a1e0a746a19683c5483168a42cc689f1f
Instruction Fuzzy Hash: FB61F422E1829246FF648A289C5063D6681FF4B7B0F144239D71DC7AF5EE7DE848A703

Function 00007FF62B672164 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
Instruction ID: 49446adfcfc52c2d417f61773cf894d7f2956ff16b3b5278a559025d00f332c6
Opcode Fuzzy Hash: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
Instruction Fuzzy Hash: AC516976A1865186EB648B29C8442383361FB5EB58F244135CB9D8B7A4CF7AE843F741

Function 00007FF62B671944 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
Instruction ID: d853f2c35949f00dfe32f85155121b70577f8124ea4cc65e54e765abbab8c229
Opcode Fuzzy Hash: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
Instruction Fuzzy Hash: A8516676A1465186EB248B29C44437837A0FB49F58F244132CE8D9B7B8DF7AE893F741

Function 00007FF62B671D54 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
Instruction ID: 9e503fe8822558391d3b052c459ee5df9790a3702affd3bb85c180ce403137f2
Opcode Fuzzy Hash: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
Instruction Fuzzy Hash: CA519B36A1965181EB248B15C44063833A0FB4DB58F244132CE8D9B7B8DF7AEC93FB41

Function 00007FF62B671B50 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
Instruction ID: 01a8a992a8b668ffeb275a6063568bf36007a99ab8728a623fcf6387969586a9
Opcode Fuzzy Hash: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
Instruction Fuzzy Hash: 77517576A1865185EB248F29C44423837A1FB49F58F245132CE4D9B7A8DF7AE883FB41

Function 00007FF62B671F60 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
Instruction ID: 37a5bf410c0b966d92e9b7cb6965d42ffb77e90420dc5a4d9b8eccec40893724
Opcode Fuzzy Hash: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
Instruction Fuzzy Hash: 8351763661465585EB248F29C84433827A1FB49B58F244131CE8C9B7B9CF7AEC83F781

Function 00007FF62B671740 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
Instruction ID: a904bb4ed610f6d5d4891925e51510b872ea821d4259b1f0170b4f552aee6693
Opcode Fuzzy Hash: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
Instruction Fuzzy Hash: A8515436A1865186EB248B29C44433837A1FB4DB58F244132CE4D9B7B8CF7AE883F741

Function 00007FF62B675D30 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
Instruction ID: 9156f51e363075990a0b8b219b6a6bdadda15f8caa9fe0f65513c8ae1e1bee99
Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
Instruction Fuzzy Hash: BA41A762C0E78A45ED99891C0D08AB81B80FF1A7A0D5853F4DD9D9F3F3DE4D6586F102

Function 00007FF62B679EA0 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
Instruction ID: 904ef245d95462920fdd42641fffdcab229760ef09e18483ef8af242497d4383
Opcode Fuzzy Hash: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
Instruction Fuzzy Hash: 7E41F222714A5582EF04CF6ADE14669A3A1FB4CFD0B099437EE1DDBB68EE7DC0529301

Function 00007FF62B6780E4 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b8cddb4ee5dd57f1c7573491c8f445712dd312cb7e9e547cfd0f9c072f4c0c7
Instruction ID: 3655bacc4d177f4f5dfa1b2e6d4fac2d202d0a670cb782ff44264e45b15ade77
Opcode Fuzzy Hash: 2b8cddb4ee5dd57f1c7573491c8f445712dd312cb7e9e547cfd0f9c072f4c0c7
Instruction Fuzzy Hash: 7731C332B18B4241EA649B26AC4017E7AD4FF89BD0F144238EA5D97BE5DF7CE401A705

Function 00007FF62B689570 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d3ac10822f6242d2b374fc0e1218152d8e80c351f0dfcd4fab21387456caa74
Instruction ID: 0892e2d57195ff1ad3ae7470b358b72156718f5cac85063f817ceee13a624bfc
Opcode Fuzzy Hash: 5d3ac10822f6242d2b374fc0e1218152d8e80c351f0dfcd4fab21387456caa74
Instruction Fuzzy Hash: 40F04F71B182A68ADFA89F69A80262977D0F7083C0F84D039E689C3B14DE3C90619F06

Function 00007FF62B66D30C Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c3909751b2697c6481bc0460501d6177e5cf72f77169ad8285d6e0cd944102a
Instruction ID: 72dfccc8970ce00a7153ffc4d1de935d1241371f365b46a8ffa507c5ff06bce8
Opcode Fuzzy Hash: 3c3909751b2697c6481bc0460501d6177e5cf72f77169ad8285d6e0cd944102a
Instruction Fuzzy Hash: 0FA0012190C80BD0EA448B02ACA00352220FB5A354B840071E10DA50B09E2DA409A342

Function 00007FF62B6676C0 Relevance: 177.1, APIs: 66, Strings: 35, Instructions: 314libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FF62B6676D7
GetLastError.KERNEL32 ref: 00007FF62B6676E9
GetProcAddress.KERNEL32 ref: 00007FF62B667725
GetLastError.KERNEL32 ref: 00007FF62B667737
GetProcAddress.KERNEL32 ref: 00007FF62B667750
GetLastError.KERNEL32 ref: 00007FF62B667762
GetProcAddress.KERNEL32 ref: 00007FF62B66777B
GetLastError.KERNEL32 ref: 00007FF62B66778D
GetProcAddress.KERNEL32 ref: 00007FF62B6677A9
GetLastError.KERNEL32 ref: 00007FF62B6677BB
GetProcAddress.KERNEL32 ref: 00007FF62B6677D7
GetLastError.KERNEL32 ref: 00007FF62B6677E9
GetProcAddress.KERNEL32 ref: 00007FF62B667805
GetLastError.KERNEL32 ref: 00007FF62B667817
GetProcAddress.KERNEL32 ref: 00007FF62B667833
GetLastError.KERNEL32 ref: 00007FF62B667845
GetProcAddress.KERNEL32 ref: 00007FF62B667861
GetLastError.KERNEL32 ref: 00007FF62B667873

Strings

Tcl_MutexFinalize, xrefs: 00007FF62B66790F, 00007FF62B667931
Tcl_ThreadQueueEvent, xrefs: 00007FF62B6679C7, 00007FF62B6679E9
Tk_GetNumMainWindows, xrefs: 00007FF62B667CA7, 00007FF62B667CC9
Tcl_ThreadAlert, xrefs: 00007FF62B6679F5, 00007FF62B667A17
Tcl_GetString, xrefs: 00007FF62B667AAD, 00007FF62B667ACF
Tcl_FinalizeThread, xrefs: 00007FF62B6677CD, 00007FF62B6677EF
Tk_Init, xrefs: 00007FF62B667C79, 00007FF62B667C9B
Tcl_EvalFile, xrefs: 00007FF62B667B93, 00007FF62B667BB5
Tcl_ConditionNotify, xrefs: 00007FF62B66796B, 00007FF62B66798D
Tcl_CreateObjCommand, xrefs: 00007FF62B667A7F, 00007FF62B667AA1
Tcl_Alloc, xrefs: 00007FF62B667C1D, 00007FF62B667C3F
Tcl_ConditionWait, xrefs: 00007FF62B667999, 00007FF62B6679BB
Tcl_EvalObjv, xrefs: 00007FF62B667BEF, 00007FF62B667C11
Tcl_MutexUnlock, xrefs: 00007FF62B6678E1, 00007FF62B667903
Tcl_GetVar2, xrefs: 00007FF62B667A23, 00007FF62B667A45
Tcl_ConditionFinalize, xrefs: 00007FF62B66793D, 00007FF62B66795F
Tcl_MutexLock, xrefs: 00007FF62B6678B3, 00007FF62B6678D5
Tcl_NewByteArrayObj, xrefs: 00007FF62B667B09, 00007FF62B667B2B
Tcl_SetVar2Ex, xrefs: 00007FF62B667B37, 00007FF62B667B59
Tcl_GetCurrentThread, xrefs: 00007FF62B667857, 00007FF62B667879
Tcl_NewStringObj, xrefs: 00007FF62B667ADB, 00007FF62B667AFD
Tcl_JoinThread, xrefs: 00007FF62B667885, 00007FF62B6678A7
Tcl_DeleteInterp, xrefs: 00007FF62B6677FB, 00007FF62B66781D
Tcl_SetVar2, xrefs: 00007FF62B667A51, 00007FF62B667A73
Failed to get address for %hs, xrefs: 00007FF62B6676F8
Tcl_EvalEx, xrefs: 00007FF62B667BC1, 00007FF62B667BE3
Tcl_Finalize, xrefs: 00007FF62B66779F, 00007FF62B6677C1
Tcl_DoOneEvent, xrefs: 00007FF62B667771, 00007FF62B667793
GetProcAddress, xrefs: 00007FF62B6676FF
Tcl_FindExecutable, xrefs: 00007FF62B667746, 00007FF62B667768
Tcl_Free, xrefs: 00007FF62B667C4B, 00007FF62B667C6D
Tcl_Init, xrefs: 00007FF62B6676D0, 00007FF62B6676EF
Tcl_CreateThread, xrefs: 00007FF62B667829, 00007FF62B66784B
Tcl_GetObjResult, xrefs: 00007FF62B667B65, 00007FF62B667B87
Tcl_CreateInterp, xrefs: 00007FF62B66771B, 00007FF62B66773D

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: AddressErrorLastProc
String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
API String ID: 199729137-3427451314
Opcode ID: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
Instruction ID: f56381cc8ecda90a2c437410028667b7c00a43f7eb7ecd5117caae239192a1d7
Opcode Fuzzy Hash: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
Instruction Fuzzy Hash: 3202AC24A09B0791EE159F55BC909B822A1FF5E795F580139D82EC22B0FF7CB58DB213

Function 00007FF62B6681D0 Relevance: 24.6, APIs: 6, Strings: 8, Instructions: 117COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF62B669390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF62B6645F4,00000000,00007FF62B661985), ref: 00007FF62B6693C9

ExpandEnvironmentStringsW.KERNEL32(?,00007FF62B6686B7,?,?,00000000,00007FF62B663CBB), ref: 00007FF62B66822C

Part of subcall function 00007FF62B662810: MessageBoxW.USER32 ref: 00007FF62B6628EA

Strings

LOADER: failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF62B668240
CreateDirectory, xrefs: 00007FF62B66837C
\, xrefs: 00007FF62B668261
LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!, xrefs: 00007FF62B66829D
LOADER: failed to create runtime-tmpdir path %ls!, xrefs: 00007FF62B668373
LOADER: failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF62B6682D9
LOADER: failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF62B668203
%.*s, xrefs: 00007FF62B66830C

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
API String ID: 1662231829-930877121
Opcode ID: 9187bed43bf71c5340eadf58a1920dd2feb36a2730cc38c17813087cef3183ed
Instruction ID: 24c24524250a33d7a182d1d558f39d65dd7ea86a9ca08df800188ce0fb7ecd69
Opcode Fuzzy Hash: 9187bed43bf71c5340eadf58a1920dd2feb36a2730cc38c17813087cef3183ed
Instruction Fuzzy Hash: 99519321A2CA4381FF609B35EC556BA6260FF9C784F444436DA4EC66F5FE2CF508A742

Function 00007FF62B662180 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

GetDC.USER32 ref: 00007FF62B6621AB
SelectObject.GDI32 ref: 00007FF62B6621F2
DrawTextW.USER32 ref: 00007FF62B662215
SelectObject.GDI32 ref: 00007FF62B66222B
ReleaseDC.USER32 ref: 00007FF62B66223B
MoveWindow.USER32 ref: 00007FF62B66228B
MoveWindow.USER32 ref: 00007FF62B6622CB
MoveWindow.USER32 ref: 00007FF62B66231E
MoveWindow.USER32 ref: 00007FF62B662366

Strings

P%, xrefs: 00007FF62B6621FF

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: MoveWindow$ObjectSelect$DrawReleaseText
String ID: P%
API String ID: 2147705588-2959514604
Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
Instruction ID: 2ca56c55c9f6017640a2caf682933aa238ad78bd78648337da2c871ff0878b58
Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
Instruction Fuzzy Hash: 0051E826604BA186DA349F26E8181BAB7A1F79CBA1F044125EFDE83695DF3CD045DB10

Function 00007FF62B6680C0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

GetWindowLongPtrW.USER32 ref: 00007FF62B6680FF
GetWindowLongPtrW.USER32 ref: 00007FF62B66817F
ShutdownBlockReasonCreate.USER32 ref: 00007FF62B668192
GetLastError.KERNEL32 ref: 00007FF62B66819C
SetWindowLongPtrW.USER32 ref: 00007FF62B6681B3

Strings

Needs to remove its temporary files., xrefs: 00007FF62B668185

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: LongWindow$BlockCreateErrorLastReasonShutdown
String ID: Needs to remove its temporary files.
API String ID: 3975851968-2863640275
Opcode ID: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
Instruction ID: 7fadaa6ff496cabe3bfb620c52aee35c71d83dd7fb0804995cd8ebdeab284d52
Opcode Fuzzy Hash: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
Instruction Fuzzy Hash: E6217121B09A4382EF518B7AEC542796250FF8EBD0F5C4231DA2DC73B9DE2CE5959602

Function 00007FF62B676290 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 494COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B6762D3
_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B6766C0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B67695C

Strings

:, xrefs: 00007FF62B67648C
p, xrefs: 00007FF62B676385
p, xrefs: 00007FF62B6763FD
f, xrefs: 00007FF62B6763F5
-, xrefs: 00007FF62B676369

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: -$:$f$p$p
API String ID: 3215553584-2013873522
Opcode ID: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
Instruction ID: 93b9b64d81ace2b10fc611903e8c7153fb686119997454faabcb6d825ea17a96
Opcode Fuzzy Hash: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
Instruction Fuzzy Hash: 1612D572E0C24386FF609E14D95427976A1FB48750FD48135E7898AAE8DFBCE580FB12

Function 00007FF62B670FC8 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 475COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B671008
_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B6713D0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B67166F

Strings

p, xrefs: 00007FF62B6710AD
f, xrefs: 00007FF62B6710A0
p, xrefs: 00007FF62B671112
f, xrefs: 00007FF62B67110A
f, xrefs: 00007FF62B671255

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$f$p$p$f
API String ID: 3215553584-1325933183
Opcode ID: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
Instruction ID: a5ec01e696200ff26c35fed284041fe2616ad110d10aab2d5d618542081c75ba
Opcode Fuzzy Hash: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
Instruction Fuzzy Hash: 0C12A762E1C14386FF249E14E85467976A1FB84750F944137D69A8EAECDFBCE4C0BB02

Function 00007FF62B661050 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 119COMMON

Download Yara Rule

Strings

fseek, xrefs: 00007FF62B6610D3
fread, xrefs: 00007FF62B6611FD
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF62B6611F6
malloc, xrefs: 00007FF62B66110F
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF62B6610CC
Failed to extract %s: failed to allocate data buffer (%u bytes)!, xrefs: 00007FF62B661108
Failed to extract %s: failed to open archive file!, xrefs: 00007FF62B661098

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
API String ID: 2050909247-3659356012
Opcode ID: d887d44ea8411714a319a2ddb58e34d6532429a931d40157cb204db5ad1c3ab0
Instruction ID: 0e4b28272fb47977b2e82b16f73e33e80075fb77cbd6b1915097b06637e697da
Opcode Fuzzy Hash: d887d44ea8411714a319a2ddb58e34d6532429a931d40157cb204db5ad1c3ab0
Instruction Fuzzy Hash: 05419161F1865382EE10DB12AC046B9A394FF8DBC4F485532EE4C877B6DE3CE545A742

Function 00007FF62B661470 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 107COMMON

Download Yara Rule

Strings

fseek, xrefs: 00007FF62B6614E5
fread, xrefs: 00007FF62B6615E6
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF62B6615DF
malloc, xrefs: 00007FF62B66151F
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF62B6614DE
Failed to extract %s: failed to allocate data buffer (%u bytes)!, xrefs: 00007FF62B661518
Failed to extract %s: failed to open archive file!, xrefs: 00007FF62B66149F

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
API String ID: 2050909247-3659356012
Opcode ID: 04eae6a6e28014538c265d314aaf186d5e7ccf6377acaf4908732b6d0be74f73
Instruction ID: ef40d854c72e090e40383d6d0e5f79a81bcf2fcb84ffc7a153d679973d143454
Opcode Fuzzy Hash: 04eae6a6e28014538c265d314aaf186d5e7ccf6377acaf4908732b6d0be74f73
Instruction Fuzzy Hash: 0F41B062E0864386EF00DB21EC101B9A390FF8D794F484532EE4D87BB5DE7CE586A746

Function 00007FF62B66EA08 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FF62B66EA65

Part of subcall function 00007FF62B66F9BC: __GetUnwindTryBlock.LIBCMT ref: 00007FF62B66F9FF
Part of subcall function 00007FF62B66F9BC: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FF62B66FA24

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF62B66EB3D
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FF62B66ED8B
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF62B66EE98

Strings

csm, xrefs: 00007FF62B66EB60
csm, xrefs: 00007FF62B66EAE6
csm, xrefs: 00007FF62B66EA7F

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 849930591-393685449
Opcode ID: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
Instruction ID: 8e5c01c6373a9264f7c6ef70219ff130f6c512a399663b4475229957733e43f5
Opcode Fuzzy Hash: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
Instruction Fuzzy Hash: 2DD19132A08B428AEF209FA5D9403AD77A0FB59788F100135EE4D97BA5DF3CE495D742

Function 00007FF62B662C50 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 104windowCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF62B663706,?,00007FF62B663804), ref: 00007FF62B662C9E
FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF62B663706,?,00007FF62B663804), ref: 00007FF62B662D63
MessageBoxW.USER32 ref: 00007FF62B662D99

Strings

<FormatMessageW failed.>, xrefs: 00007FF62B662D70
%ls: , xrefs: 00007FF62B662D22
[PYI-%d:ERROR] , xrefs: 00007FF62B662CA6
Error, xrefs: 00007FF62B662D8C

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: Message$CurrentFormatProcess
String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
API String ID: 3940978338-251083826
Opcode ID: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
Instruction ID: 3b82a6f042cb8294869c5cfefee11cd8ebf8d8861c0239fda78a6345d59fca6c
Opcode Fuzzy Hash: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
Instruction Fuzzy Hash: 7A31D832B08A4242EB209B25AC142AA6691FF8C7D8F410136EF4DD7769EF3CD55AD701

Function 00007FF62B66DCC8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FF62B66DF7A,?,?,?,00007FF62B66DC6C,?,?,?,00007FF62B66D869), ref: 00007FF62B66DD4D
GetLastError.KERNEL32(?,?,?,00007FF62B66DF7A,?,?,?,00007FF62B66DC6C,?,?,?,00007FF62B66D869), ref: 00007FF62B66DD5B
LoadLibraryExW.KERNEL32(?,?,?,00007FF62B66DF7A,?,?,?,00007FF62B66DC6C,?,?,?,00007FF62B66D869), ref: 00007FF62B66DD85
FreeLibrary.KERNEL32(?,?,?,00007FF62B66DF7A,?,?,?,00007FF62B66DC6C,?,?,?,00007FF62B66D869), ref: 00007FF62B66DDF3
GetProcAddress.KERNEL32(?,?,?,00007FF62B66DF7A,?,?,?,00007FF62B66DC6C,?,?,?,00007FF62B66D869), ref: 00007FF62B66DDFF

Strings

api-ms-, xrefs: 00007FF62B66DD6D

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
Instruction ID: 7d0e1276cc803e506061586be68658223c7d57255cdeaee01e79f270f6df4a03
Opcode Fuzzy Hash: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
Instruction Fuzzy Hash: 0A31A261B1BA4391EE12AB07AC506B52394FF4CBA4F594535DD1D8B3A0EF3CE844A302

Function 00007FF62B666360 Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 82COMMON

Download Yara Rule

Strings

Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d), xrefs: 00007FF62B6663C7
ucrtbase.dll, xrefs: 00007FF62B6663DD
Failed to load Python DLL '%ls'., xrefs: 00007FF62B6664A7
LoadLibrary, xrefs: 00007FF62B6664AE
Path of Python shared library (%s) and its name (%s) exceed buffer size (%d), xrefs: 00007FF62B666456
Path of ucrtbase.dll (%s) and its name exceed buffer size (%d), xrefs: 00007FF62B666407

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
API String ID: 2050909247-2434346643
Opcode ID: 2df6df0904ecf2e68063807813f252f2c523520ae69ca8fe89000ee1ae80a761
Instruction ID: fb88b7f4fd4516044d623ad47ca8929b1f7e7d53441279691a8772fa4983012d
Opcode Fuzzy Hash: 2df6df0904ecf2e68063807813f252f2c523520ae69ca8fe89000ee1ae80a761
Instruction Fuzzy Hash: 9D416D31A19A8791EE25DB20E8542E96311FF5C384F804132EA5DC36B9EF3CE559D742

Function 00007FF62B662A50 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 64COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF62B66351A,?,00000000,00007FF62B663F23), ref: 00007FF62B662AA0

Strings

Warning, xrefs: 00007FF62B662B1E
Warning [ANSI Fallback], xrefs: 00007FF62B662B0F
[PYI-%d:%s] , xrefs: 00007FF62B662AA8
WARNING, xrefs: 00007FF62B662AAF
0, xrefs: 00007FF62B662B16

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: CurrentProcess
String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
API String ID: 2050909247-2900015858
Opcode ID: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
Instruction ID: 7a5378d69ddca582fe2c0d392ac19065fc46f0647e75a32cf4be698629682ff1
Opcode Fuzzy Hash: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
Instruction Fuzzy Hash: D3218132A19B8292EB209B51BC817EA6394FB8C7C4F440136EE8D83669DF7CD1499741

Function 00007FF62B67B150 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF62B67B15F
FlsGetValue.KERNEL32 ref: 00007FF62B67B174
FlsSetValue.KERNEL32 ref: 00007FF62B67B195
FlsSetValue.KERNEL32 ref: 00007FF62B67B1C2
FlsSetValue.KERNEL32 ref: 00007FF62B67B1D3
FlsSetValue.KERNEL32 ref: 00007FF62B67B1E4
SetLastError.KERNEL32 ref: 00007FF62B67B1FF

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: a42b9cf7ed1ffe71ebcf97f5a72f2c90d2921d4b6bb9ef7954fc9d2fe8c6feaf
Instruction ID: 4242b5e65e6dec8d4f4de1fe057aa7c381b072667752d687cbb514e115e30f93
Opcode Fuzzy Hash: a42b9cf7ed1ffe71ebcf97f5a72f2c90d2921d4b6bb9ef7954fc9d2fe8c6feaf
Instruction Fuzzy Hash: 0F213D24A1D68385FE5453615E612395242FF4C7B0F188634E93ECEBF6DDADA4417702

Function 00007FF62B687D6C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF62B687D9D
GetLastError.KERNEL32 ref: 00007FF62B687DA9
CloseHandle.KERNEL32 ref: 00007FF62B687DC1
CreateFileW.KERNEL32 ref: 00007FF62B687DEC
WriteConsoleW.KERNEL32 ref: 00007FF62B687E0B

Strings

CONOUT$, xrefs: 00007FF62B687DCD

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
Instruction ID: 4c1d46b9d88d8ecc1324b387787f17f5c5cfdce93bbdcba42aacd9d639d24439
Opcode Fuzzy Hash: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
Instruction Fuzzy Hash: EE114F21A18A4286EB508B52AC5533962A0FB8DFE4F044234EA6DC77B4DF7CD8588741

Function 00007FF62B668ED0 Relevance: 9.1, APIs: 6, Instructions: 121COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,00007FF62B663FB1), ref: 00007FF62B668EFD
K32EnumProcessModules.KERNEL32(?,FFFFFFFF,00000000,00007FF62B663FB1), ref: 00007FF62B668F5A

Part of subcall function 00007FF62B669390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF62B6645F4,00000000,00007FF62B661985), ref: 00007FF62B6693C9

K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF62B663FB1), ref: 00007FF62B668FE5
K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF62B663FB1), ref: 00007FF62B669044
FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF62B663FB1), ref: 00007FF62B669055
FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF62B663FB1), ref: 00007FF62B66906A

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
String ID:
API String ID: 3462794448-0
Opcode ID: 0184f5a771bb2c28f933eba3e4018dda16e38d059dd6d010c17659477659ba58
Instruction ID: ab7dc8115135109bc3d4094cf05d8a2e669866a704fdfde0108b28b07694ad7f
Opcode Fuzzy Hash: 0184f5a771bb2c28f933eba3e4018dda16e38d059dd6d010c17659477659ba58
Instruction Fuzzy Hash: 35417C62A19A8381EE349B12AD403BA6394FB8DBC4F440139DF8D977E9DE3CE500D701

Function 00007FF62B67B2C8 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FF62B674F11,?,?,?,?,00007FF62B67A48A,?,?,?,?,00007FF62B67718F), ref: 00007FF62B67B2D7
FlsSetValue.KERNEL32(?,?,?,00007FF62B674F11,?,?,?,?,00007FF62B67A48A,?,?,?,?,00007FF62B67718F), ref: 00007FF62B67B30D
FlsSetValue.KERNEL32(?,?,?,00007FF62B674F11,?,?,?,?,00007FF62B67A48A,?,?,?,?,00007FF62B67718F), ref: 00007FF62B67B33A
FlsSetValue.KERNEL32(?,?,?,00007FF62B674F11,?,?,?,?,00007FF62B67A48A,?,?,?,?,00007FF62B67718F), ref: 00007FF62B67B34B
FlsSetValue.KERNEL32(?,?,?,00007FF62B674F11,?,?,?,?,00007FF62B67A48A,?,?,?,?,00007FF62B67718F), ref: 00007FF62B67B35C
SetLastError.KERNEL32(?,?,?,00007FF62B674F11,?,?,?,?,00007FF62B67A48A,?,?,?,?,00007FF62B67718F), ref: 00007FF62B67B377

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 1c08c83365d44066401784e1b70b71c7670d14ff4fb682678828c33d1612b477
Instruction ID: bb07d330185bb55ae2661bef71be276e2cb23f3f707bc2b67f95f59a793c4f8f
Opcode Fuzzy Hash: 1c08c83365d44066401784e1b70b71c7670d14ff4fb682678828c33d1612b477
Instruction Fuzzy Hash: 10113B20A0C64382FE5457615E6113D5142FF4CBB0F188735E93ECA7F6EEACA4817702

Function 00007FF62B662910 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 86COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF62B661B6A), ref: 00007FF62B66295E

Strings

[PYI-%d:ERROR] , xrefs: 00007FF62B662966
%s: %s, xrefs: 00007FF62B6629E8
Error, xrefs: 00007FF62B662A0E
Error [ANSI Fallback], xrefs: 00007FF62B6629FF

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: CurrentProcess
String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
API String ID: 2050909247-2962405886
Opcode ID: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
Instruction ID: 0cd0e003fce5446edb5941d426267cb973baf92de679dfef0fd107f9e417074a
Opcode Fuzzy Hash: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
Instruction Fuzzy Hash: 3031F432B19A8252EB209766AC402EA6295FF8C7D4F440132EE8DC3769EF7CD14AD601

Function 00007FF62B662390 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF62B6623C8
DialogBoxIndirectParamW.USER32 ref: 00007FF62B66248E
DeleteObject.GDI32 ref: 00007FF62B6624C1
DestroyIcon.USER32 ref: 00007FF62B6624D3

Strings

Unhandled exception in script, xrefs: 00007FF62B6623F8

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
String ID: Unhandled exception in script
API String ID: 3081866767-2699770090
Opcode ID: 851ce5d4a208b56cb63585478e484d0f9d6918564d04618497f061aba15d8534
Instruction ID: 62b796f472bd4b1838b71cca523ff7f1882aedabf7982763c5116e804cb835c7
Opcode Fuzzy Hash: 851ce5d4a208b56cb63585478e484d0f9d6918564d04618497f061aba15d8534
Instruction Fuzzy Hash: 51313072A19A8289EF20DB61EC552F96360FF8D788F440135EA4D8BB6ADF7CD105D702

Function 00007FF62B662B50 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 65windowCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF62B66918F,?,00007FF62B663C55), ref: 00007FF62B662BA0
MessageBoxW.USER32 ref: 00007FF62B662C2A

Strings

Warning, xrefs: 00007FF62B662C1D
WARNING, xrefs: 00007FF62B662BAF
[PYI-%d:%ls] , xrefs: 00007FF62B662BA8

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: CurrentMessageProcess
String ID: WARNING$Warning$[PYI-%d:%ls]
API String ID: 1672936522-3797743490
Opcode ID: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
Instruction ID: 50af98dd34d4ed00bb0636848972dc207b78000ee3245f20a99da97348c54805
Opcode Fuzzy Hash: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
Instruction Fuzzy Hash: 4921D332B08B4292EB209B14F8447AA63A4FB8C7C4F444136EA8D97666DE3CD219D740

Function 00007FF62B662710 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 64COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF62B661B99), ref: 00007FF62B662760

Strings

[PYI-%d:%s] , xrefs: 00007FF62B662768
Error, xrefs: 00007FF62B6627DE
Error [ANSI Fallback], xrefs: 00007FF62B6627CF
ERROR, xrefs: 00007FF62B66276F

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: CurrentProcess
String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
API String ID: 2050909247-1591803126
Opcode ID: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
Instruction ID: 4fc61fb238b367955d8a9c133f95acda7da289793bbe49e1e2f3578b297b693d
Opcode Fuzzy Hash: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
Instruction Fuzzy Hash: 91219072A19B8292EB20DB51BC817EA6794FB8C3C4F440136FE8D83669EF7CD1499741

Function 00007FF62B679A88 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF62B679AAD
GetProcAddress.KERNEL32 ref: 00007FF62B679AC3
FreeLibrary.KERNEL32 ref: 00007FF62B679AEA

Strings

mscoree.dll, xrefs: 00007FF62B679AA4
CorExitProcess, xrefs: 00007FF62B679ABC

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
Instruction ID: f0e3ac722b9f1250b0a820be091e31aecc182edb650c1f6c568335dcd928489f
Opcode Fuzzy Hash: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
Instruction Fuzzy Hash: 1CF04F21A0AA0792EF108B24AC8577A6360FF4E7A1F580235D66E8A6F4DF6DD048F741

Function 00007FF62B689368 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF62B689390
_set_statfp.LIBCMT ref: 00007FF62B6893AB
_set_statfp.LIBCMT ref: 00007FF62B6893C7
_set_statfp.LIBCMT ref: 00007FF62B689403

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
Instruction ID: a8a24c72cb1ffcfcc411efddb29d52e84f75f3b0b42f7d4b3d23676636b0dbdb
Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
Instruction Fuzzy Hash: D1114222E5CA0303FE651165EC9D3791150FF9F3E8E046634EB6ED66F68EAC68496202

Function 00007FF62B67B390 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FF62B67A5A3,?,?,00000000,00007FF62B67A83E,?,?,?,?,?,00007FF62B67A7CA), ref: 00007FF62B67B3AF
FlsSetValue.KERNEL32(?,?,?,00007FF62B67A5A3,?,?,00000000,00007FF62B67A83E,?,?,?,?,?,00007FF62B67A7CA), ref: 00007FF62B67B3CE
FlsSetValue.KERNEL32(?,?,?,00007FF62B67A5A3,?,?,00000000,00007FF62B67A83E,?,?,?,?,?,00007FF62B67A7CA), ref: 00007FF62B67B3F6
FlsSetValue.KERNEL32(?,?,?,00007FF62B67A5A3,?,?,00000000,00007FF62B67A83E,?,?,?,?,?,00007FF62B67A7CA), ref: 00007FF62B67B407
FlsSetValue.KERNEL32(?,?,?,00007FF62B67A5A3,?,?,00000000,00007FF62B67A83E,?,?,?,?,?,00007FF62B67A7CA), ref: 00007FF62B67B418

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 44f6b3e63c936746b9124b5af5da9c753e88c88086b63197a25bc1506e4861c0
Instruction ID: 8fb2c061f29df86eec99f6821a617f96b29660e27773fc6b64c170ae19dd869e
Opcode Fuzzy Hash: 44f6b3e63c936746b9124b5af5da9c753e88c88086b63197a25bc1506e4861c0
Instruction Fuzzy Hash: E2116D20E0864381FE5893659E615796141FF4C7B0F588334E93DCE7FADEACA482B202

Function 00007FF62B67B224 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FF62B67B235
FlsSetValue.KERNEL32 ref: 00007FF62B67B254
FlsSetValue.KERNEL32 ref: 00007FF62B67B27C
FlsSetValue.KERNEL32 ref: 00007FF62B67B28D
FlsSetValue.KERNEL32 ref: 00007FF62B67B29E

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 92671db20a050c4f2636db97a8291f7b9cbb2c044339a59ef12305351f814945
Instruction ID: 052feb299390e5c8b4f9299b42ca05e4caf70eae0a24317c4065e350c5369393
Opcode Fuzzy Hash: 92671db20a050c4f2636db97a8291f7b9cbb2c044339a59ef12305351f814945
Instruction Fuzzy Hash: 8B110620A0A60785FE9863614D2157A1142FF4D730F088734E93ECE6F2EDACB4827603

Function 00007FF62B675FA0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 242COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B675FDC
_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B676106
_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B6761BC

Strings

verbose, xrefs: 00007FF62B675FB0

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: verbose
API String ID: 3215553584-579935070
Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
Instruction ID: 3da84ce7255c2e6bf4f0202b8289135cf5916e04350e00ff7d33cdde97a9a476
Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
Instruction Fuzzy Hash: C991D132A18A4685FF618E28DC5437D3791FB48B94F444132DA6D8B3E6DEBCE845B302

Function 00007FF62B67FBC8 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B67FEA7

Part of subcall function 00007FF62B677A3C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62B677A59

Strings

UTF-16LEUNICODE, xrefs: 00007FF62B67FE45
UTF-8, xrefs: 00007FF62B67FE26
ccs, xrefs: 00007FF62B67FDE2

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
Instruction ID: 712cbc89d7e88abd55efd4e4455274cd60c9db9e8f6420721d0034bb89690b83
Opcode Fuzzy Hash: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
Instruction Fuzzy Hash: 6C81BE72E092C28DFF649F298910E7926A0FB19B44F559031CA09CF2B5DFADE841B703

Function 00007FF62B66D648 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF62B66D673
_IsNonwritableInCurrentImage.LIBCMT ref: 00007FF62B66D70A
RtlUnwindEx.KERNEL32 ref: 00007FF62B66D764

Strings

csm, xrefs: 00007FF62B66D6F1

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: CurrentImageNonwritableUnwind__except_validate_context_record
String ID: csm
API String ID: 2395640692-1018135373
Opcode ID: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
Instruction ID: 68998a68f771038b79c499ba007c7687ce1dc29b320913c727495e10af920016
Opcode Fuzzy Hash: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
Instruction Fuzzy Hash: CA51AF32B196438ADF18CF1AE844A787791FB48B98F158134DA5E877A8DF7CE841D702

Function 00007FF62B66F288 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF62B66F2B0
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FF62B66F398

Strings

csm, xrefs: 00007FF62B66F3EA
csm, xrefs: 00007FF62B66F2D2

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
Instruction ID: 85b6f4a6a786cef82ac3b6554ad5aad99765af9f04af9695340defb1792a6280
Opcode Fuzzy Hash: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
Instruction Fuzzy Hash: 0E518D33A082838EEF648B22D98426C77A0FB59B84F145136DA5D87BA6CF3CE450D742

Function 00007FF62B66EED8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FF62B66EF37
_CallSETranslator.LIBVCRUNTIME ref: 00007FF62B66EF83

Strings

RCC, xrefs: 00007FF62B66EF53
MOC, xrefs: 00007FF62B66EF4B

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
Instruction ID: 03cfd8a24039ce7c606c805639c98eb755fd859810a723a10920a47bd513a875
Opcode Fuzzy Hash: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
Instruction Fuzzy Hash: D7618332908BC686DB609F15E8407AAB7A0FB897D4F044225EB9C47B69DF7CD191DB01

Function 00007FF62B662810 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 65windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32 ref: 00007FF62B6628EA

Strings

ERROR, xrefs: 00007FF62B66286F
[PYI-%d:%ls] , xrefs: 00007FF62B662868
Error, xrefs: 00007FF62B6628DD

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: Message
String ID: ERROR$Error$[PYI-%d:%ls]
API String ID: 2030045667-255084403
Opcode ID: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
Instruction ID: 5e798cf34b5047ad6f580cca04da4af25be06cfb9d01fce0b6775cb5d0f101bf
Opcode Fuzzy Hash: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
Instruction Fuzzy Hash: A521D372B08B4292EB109B14F8447EA6360FB8C780F444136EA8D97666DE3CD259D740

Function 00007FF62B67C5A0 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF62B67C61F
WriteFile.KERNEL32 ref: 00007FF62B67C8E7
WriteFile.KERNEL32 ref: 00007FF62B67C92D
GetLastError.KERNEL32 ref: 00007FF62B67C9E3

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
Instruction ID: f3dfe5cedda739d959eeca43c498533197e984bc6343ca06bcdf282d9c0f8e9c
Opcode Fuzzy Hash: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
Instruction Fuzzy Hash: 08D1F572B18A8189FB50CF65D8402AC37B2FB59798B444235DF5EDBBA9DE78D006E301

Function 00007FF62B6620C0 Relevance: 6.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

EndDialog.USER32 ref: 00007FF62B6620F4
SetWindowLongPtrW.USER32 ref: 00007FF62B662116
GetWindowLongPtrW.USER32 ref: 00007FF62B662140
InvalidateRect.USER32 ref: 00007FF62B662160

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: LongWindow$DialogInvalidateRect
String ID:
API String ID: 1956198572-0
Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
Instruction ID: c143733f875e058587f686f9581dcab62b77fb3825c4e9f52f7ce3c9347da6d1
Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
Instruction Fuzzy Hash: 7711E921E0C14782FF548B6AED4527A5251FB8D7C0F484030DF8D87BAECD2DD4D5A206

Function 00007FF62B685B1C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF62B681760: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62B681793

_get_daylight.LIBCMT ref: 00007FF62B685C34
_get_daylight.LIBCMT ref: 00007FF62B685C45

Strings

?, xrefs: 00007FF62B685BC5

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID: ?
API String ID: 1286766494-1684325040
Opcode ID: 21862b7f5a6063227688de7d7fc5fbfc7fa1fb1d7946118fe9e576ba790fa6aa
Instruction ID: 134e34a7a10537867fccc20dea3721f540f673748ceb9f9aed393f6e385cf290
Opcode Fuzzy Hash: 21862b7f5a6063227688de7d7fc5fbfc7fa1fb1d7946118fe9e576ba790fa6aa
Instruction Fuzzy Hash: 10414912A0838242FF609B259C5137A6792FB9ABE4F144235EF5C86AF6DF3CD4459B02

Function 00007FF62B679014 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B679046

Part of subcall function 00007FF62B67A948: RtlFreeHeap.NTDLL(?,?,?,00007FF62B682D22,?,?,?,00007FF62B682D5F,?,?,00000000,00007FF62B683225,?,?,?,00007FF62B683157), ref: 00007FF62B67A95E
Part of subcall function 00007FF62B67A948: GetLastError.KERNEL32(?,?,?,00007FF62B682D22,?,?,?,00007FF62B682D5F,?,?,00000000,00007FF62B683225,?,?,?,00007FF62B683157), ref: 00007FF62B67A968

GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF62B66CBA5), ref: 00007FF62B679064

Strings

C:\Users\user\Desktop\wp-cent.exe, xrefs: 00007FF62B679052

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
String ID: C:\Users\user\Desktop\wp-cent.exe
API String ID: 3580290477-4286105702
Opcode ID: 136b352ca89953b7aac46d199a587659114d0cf60bae53edf27061cb20026a80
Instruction ID: 7a4cc9fdf5115980df2d5094e1b2e271c76e841d66c49cc18e3d9fe45efa687a
Opcode Fuzzy Hash: 136b352ca89953b7aac46d199a587659114d0cf60bae53edf27061cb20026a80
Instruction Fuzzy Hash: 3F41A932A18A1296EF149F21EC801BD63E4FB4D7D0B554035EA4E8BBA5CE7DE491B702

Function 00007FF62B67CC38 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF62B67CD4F
GetLastError.KERNEL32 ref: 00007FF62B67CD71

Strings

U, xrefs: 00007FF62B67CCFB

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
Instruction ID: 5be65dd6817b34fea274761fff89ccfe656dba581b92157d0837f1239ec307c6
Opcode Fuzzy Hash: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
Instruction Fuzzy Hash: 4741B232B19A8181EB608F25E8447AA67A1FB88784F944135EE4DC77A8EF7CD405E741

Function 00007FF62B67F5B8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32 ref: 00007FF62B67F5F8
GetCurrentDirectoryW.KERNEL32 ref: 00007FF62B67F64A

Strings

:, xrefs: 00007FF62B67F60E

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: CurrentDirectory
String ID: :
API String ID: 1611563598-336475711
Opcode ID: 9aa1b1c0966d0181e71a7442aa19fd9d8a3a06258be719e39fc35e3b215e25b0
Instruction ID: 9cb99d41f8c49fbffd3f0665d028e4b4be5ee23b22e91bf77b8a93fc3e01fe77
Opcode Fuzzy Hash: 9aa1b1c0966d0181e71a7442aa19fd9d8a3a06258be719e39fc35e3b215e25b0
Instruction Fuzzy Hash: 86212672A1868185FF20CB11D84467D73B1FB8CB84F854035DA9D8B6A5DFBCE984EB42

Function 00007FF62B66FD48 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32 ref: 00007FF62B66FD98
RaiseException.KERNEL32 ref: 00007FF62B66FDD9

Strings

csm, xrefs: 00007FF62B66FDC6

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
Instruction ID: dd5fd6357abd36f60f6e53f882268482af99150b1b983c9f056a8644a7cd30c3
Opcode Fuzzy Hash: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
Instruction Fuzzy Hash: B7112B32619B8282EB618F15E840269B7E5FB8CB98F584630EF8D47769DF3DD9518B00

Function 00007FF62B68073C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B68076C
GetDriveTypeW.KERNEL32 ref: 00007FF62B6807AC

Strings

:, xrefs: 00007FF62B680795

Memory Dump Source

Source File: 00000000.00000002.2127140112.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000000.00000002.2127109979.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127177295.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127217137.00007FF62B6A2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2127319254.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: DriveType_invalid_parameter_noinfo
String ID: :
API String ID: 2595371189-336475711
Opcode ID: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
Instruction ID: d5599def176909b7191ec12c4788c775e4c23f209fceec545eab9384b39df3d2
Opcode Fuzzy Hash: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
Instruction Fuzzy Hash: 3D01842191C60385FF209F609C6527E33A0FF4D784F840536D54DC66B1EF2CD508AB16

Analysis Process: wp-cent.exePID: 7536, Parent PID: 7476COMMON

Execution Graph

Execution Coverage:	11.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	825
Total number of Limit Nodes:	19

Executed Functions

Function 00007FF62B661000 Relevance: 61.8, APIs: 7, Strings: 28, Instructions: 511
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

_PYI_PARENT_PROCESS_LEVEL, xrefs: 00007FF62B663A17, 00007FF62B663A2F, 00007FF62B663A9B
pyi-contents-directory, xrefs: 00007FF62B663B8D
PYINSTALLER_STRICT_UNPACK_MODE, xrefs: 00007FF62B663BE8
_PYI_APPLICATION_HOME_DIR not set for onefile child process!, xrefs: 00007FF62B663D35
Path exceeds PYI_PATH_MAX limit., xrefs: 00007FF62B663D12
Failed to load Tcl/Tk shared libraries for splash screen!, xrefs: 00007FF62B663EBB
pyi-python-flag, xrefs: 00007FF62B663AD6
Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s, xrefs: 00007FF62B663B32
Could not side-load PyInstaller's PKG archive from external file (%s), xrefs: 00007FF62B6639DE
Could not load PyInstaller's embedded PKG archive from the executable (%s), xrefs: 00007FF62B663971
PYINSTALLER_SUPPRESS_SPLASH_SCREEN, xrefs: 00007FF62B663E0A
MEI, xrefs: 00007FF62B663933
Failed to unpack splash screen dependencies from PKG archive!, xrefs: 00007FF62B663EA6
VCRUNTIME140.dll, xrefs: 00007FF62B663DB1
Failed to convert DLL search path!, xrefs: 00007FF62B663DDC
Py_GIL_DISABLED, xrefs: 00007FF62B663AF4
pyi-runtime-tmpdir, xrefs: 00007FF62B663B68
Failed to remove temporary directory: %s, xrefs: 00007FF62B663FCF
Failed to load splash screen resources!, xrefs: 00007FF62B663E85
Failed to start splash screen!, xrefs: 00007FF62B663ED4
Could not create temporary directory!, xrefs: 00007FF62B663CBF
pkg, xrefs: 00007FF62B6639BE
Failed to initialize security descriptor for temporary directory!, xrefs: 00007FF62B663C61
PYINSTALLER_RESET_ENVIRONMENT, xrefs: 00007FF62B663882, 00007FF62B6638AF
pyi-disable-windowed-traceback, xrefs: 00007FF62B663BB2
_PYI_ARCHIVE_FILE, xrefs: 00007FF62B6638D2, 00007FF62B6639FF
_PYI_SPLASH_IPC, xrefs: 00007FF62B663A23, 00007FF62B663EF5
_PYI_APPLICATION_HOME_DIR, xrefs: 00007FF62B663A0B, 00007FF62B663CD4, 00007FF62B663F6B

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: ErrorFileLastModuleName
String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
API String ID: 2776309574-4232158417
Opcode ID: 233ec7f25ec1ed803ce179537cd482b57a2e4efc6b2dbb8e538fcab84ef42543
Instruction ID: 798b9280e121487fdf4d6a2a3133f61ee780bcffae4c96aa23f12e0630260f9a
Opcode Fuzzy Hash: 233ec7f25ec1ed803ce179537cd482b57a2e4efc6b2dbb8e538fcab84ef42543
Instruction Fuzzy Hash: 72326D21E0868391FF159B299C543B926A1FF5D780F488036DA6DC72F6EF2CE558E702

Function 00007FF62B686964 Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF62B686698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62B6866D9
Part of subcall function 00007FF62B686698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62B686757
Part of subcall function 00007FF62B686698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62B6867A8

CreateFileW.KERNEL32 ref: 00007FF62B686A6A
CreateFileW.KERNEL32 ref: 00007FF62B686ABA
GetLastError.KERNEL32 ref: 00007FF62B686AEA
GetFileType.KERNEL32 ref: 00007FF62B686AFF
GetLastError.KERNEL32 ref: 00007FF62B686B09
CloseHandle.KERNEL32 ref: 00007FF62B686B3C
CloseHandle.KERNEL32 ref: 00007FF62B686C9F
CreateFileW.KERNEL32 ref: 00007FF62B686CD4
GetLastError.KERNEL32 ref: 00007FF62B686CE3

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
String ID:
API String ID: 1617910340-0
Opcode ID: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
Instruction ID: ec374b58edf24c032fecb9b3a6aaf44636e7812c7970aa4e83b1d9c4c2e13388
Opcode Fuzzy Hash: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
Instruction Fuzzy Hash: 4DC1CF36B28A4285EF10CFA5D8906AC3761F74EBA8B050235DA1E9B7E4DF38D455E301

Function 00007FF62B669280 Relevance: 3.0, APIs: 2, Instructions: 29COMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32 ref: 00007FF62B6692B3
FindClose.KERNEL32 ref: 00007FF62B6692C2

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
Instruction ID: 1b10c08e9e162b89e7f00fb2e5f576f0b653b595c0d1b48da7a7320a6c145ef6
Opcode Fuzzy Hash: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
Instruction Fuzzy Hash: 1BF0C832A1878386FB608B60BC887667350FB8C368F040335DAAD426E4DF3CD058DB01

Function 00007FF62B661950 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 184
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF62B667F90: _fread_nolock.LIBCMT ref: 00007FF62B66803A

_fread_nolock.LIBCMT ref: 00007FF62B661A1B

Part of subcall function 00007FF62B662910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF62B661B6A), ref: 00007FF62B66295E

Strings

fread, xrefs: 00007FF62B661A32, 00007FF62B661B5C
Could not allocate memory for archive structure!, xrefs: 00007FF62B661A61
MEI, xrefs: 00007FF62B661991
malloc, xrefs: 00007FF62B661B22
calloc, xrefs: 00007FF62B661A68
Could not read full TOC!, xrefs: 00007FF62B661B55
Could not allocate buffer for TOC!, xrefs: 00007FF62B661B1B
Error on file., xrefs: 00007FF62B661B8D
Failed to seek to cookie position!, xrefs: 00007FF62B6619EE
Failed to read cookie!, xrefs: 00007FF62B661A2B
fseek, xrefs: 00007FF62B6619F5

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _fread_nolock$CurrentProcess
String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
API String ID: 2397952137-3497178890
Opcode ID: 6a04d0c4c8a0b99f23b16d6d676f1581d6c74e17851155a383b4fbd0f348e88e
Instruction ID: d1ef24804fa62ce1ffd34a25b0e9c6ed789855178a1b4b2aec1744839c36f429
Opcode Fuzzy Hash: 6a04d0c4c8a0b99f23b16d6d676f1581d6c74e17851155a383b4fbd0f348e88e
Instruction Fuzzy Hash: 3881C271E08A8786EF20DB25D8442B923A0FF8D784F445031DA8DC77A5EE7CE585AB42

Function 00007FF62B661470 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 107
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

fread, xrefs: 00007FF62B6615E6
Failed to extract %s: failed to allocate data buffer (%u bytes)!, xrefs: 00007FF62B661518
malloc, xrefs: 00007FF62B66151F
Failed to extract %s: failed to open archive file!, xrefs: 00007FF62B66149F
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF62B6614DE
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF62B6615DF
fseek, xrefs: 00007FF62B6614E5

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
API String ID: 2050909247-3659356012
Opcode ID: 60a4f7716322392174b45f0900a3bf04e5f00cb62b5f775a2b3fa26e9f7385d7
Instruction ID: ef40d854c72e090e40383d6d0e5f79a81bcf2fcb84ffc7a153d679973d143454
Opcode Fuzzy Hash: 60a4f7716322392174b45f0900a3bf04e5f00cb62b5f775a2b3fa26e9f7385d7
Instruction Fuzzy Hash: 0F41B062E0864386EF00DB21EC101B9A390FF8D794F484532EE4D87BB5DE7CE586A746

Function 00007FF62B661210 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 158
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Failed to extract %s: failed to allocate temporary input buffer!, xrefs: 00007FF62B6612BA
Failed to extract %s: failed to allocate temporary output buffer!, xrefs: 00007FF62B6612EF
1.3.1, xrefs: 00007FF62B661249
malloc, xrefs: 00007FF62B6612C1, 00007FF62B6612F6
Failed to extract %s: inflateInit() failed with return code %d!, xrefs: 00007FF62B661276
Failed to extract %s: decompression resulted in return code %d!, xrefs: 00007FF62B66141E

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: CurrentProcess
String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
API String ID: 2050909247-2813020118
Opcode ID: 096f828560730c5e91f8963ea1229aecabbed89a92b0e893cc7cf6d4f043b132
Instruction ID: 28105d6f899eaaa9a861faf75c35d519e24e17029db1a47c5ee9c54cd0063abf
Opcode Fuzzy Hash: 096f828560730c5e91f8963ea1229aecabbed89a92b0e893cc7cf6d4f043b132
Instruction Fuzzy Hash: D851C522E0864385EE209B12AC503BA6290FF89794F484135ED4DC7BF5EF3CE585E742

Function 00007FF62B6636B0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32(?,00007FF62B663804), ref: 00007FF62B6636E1
GetLastError.KERNEL32(?,00007FF62B663804), ref: 00007FF62B6636EB

Part of subcall function 00007FF62B662C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF62B663706,?,00007FF62B663804), ref: 00007FF62B662C9E
Part of subcall function 00007FF62B662C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF62B663706,?,00007FF62B663804), ref: 00007FF62B662D63
Part of subcall function 00007FF62B662C50: MessageBoxW.USER32 ref: 00007FF62B662D99

Strings

\\?\, xrefs: 00007FF62B66375A
Failed to resolve full path to executable %ls., xrefs: 00007FF62B663739
Failed to obtain executable path., xrefs: 00007FF62B6636F3
Failed to convert executable path to UTF-8., xrefs: 00007FF62B663790
GetModuleFileNameW, xrefs: 00007FF62B6636FA

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
API String ID: 3187769757-2863816727
Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
Instruction ID: 5a43601e797436ca80655bcfc628728584b181774cf045be084b71b178f69995
Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
Instruction Fuzzy Hash: 2D21B261B1C64381FF249B24EC143B62261FF8C384F844236EA6DC25F6EE2CE109E306

Function 00007FF62B67BA5C Relevance: 10.8, APIs: 7, Instructions: 290
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B67BE89

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: c3f57b6cd1f658b3a1cfdd45bc75f21d2f6c8be166295f0eb40444005b392bd6
Instruction ID: 8879ae1d39d9ec6a558fdfed77c4eaf11410eb21d6ac346bc7dcfb4a61f5f917
Opcode Fuzzy Hash: c3f57b6cd1f658b3a1cfdd45bc75f21d2f6c8be166295f0eb40444005b392bd6
Instruction Fuzzy Hash: FFC10422A1C68782EE608B159C542BD7B50FB89BD0F5D4131EA4D8B7B1CEFDE845B702

Function 00007FF62B666360 Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 82
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Path of Python shared library (%s) and its name (%s) exceed buffer size (%d), xrefs: 00007FF62B666456
Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d), xrefs: 00007FF62B6663C7
ucrtbase.dll, xrefs: 00007FF62B6663DD
Failed to load Python DLL '%ls'., xrefs: 00007FF62B6664A7
LoadLibrary, xrefs: 00007FF62B6664AE
Path of ucrtbase.dll (%s) and its name exceed buffer size (%d), xrefs: 00007FF62B666407

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
API String ID: 2050909247-2434346643
Opcode ID: 111e0a7e53993944da2df5d9c96cd3a7cea32e86f931b773c4ccd6a62d35c348
Instruction ID: fb88b7f4fd4516044d623ad47ca8929b1f7e7d53441279691a8772fa4983012d
Opcode Fuzzy Hash: 111e0a7e53993944da2df5d9c96cd3a7cea32e86f931b773c4ccd6a62d35c348
Instruction Fuzzy Hash: 9D416D31A19A8791EE25DB20E8542E96311FF5C384F804132EA5DC36B9EF3CE559D742

Function 00007FF62B675628 Relevance: 6.1, APIs: 4, Instructions: 90
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B675655
CreateFileW.KERNEL32 ref: 00007FF62B675694
CloseHandle.KERNEL32 ref: 00007FF62B6756C9

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: CloseCreateFileHandle_invalid_parameter_noinfo
String ID:
API String ID: 1279662727-0
Opcode ID: b1746a8a916bbf96797ffba89da9809a683c49b2a7b1d8f7dd6efe5c63c8eb6a
Instruction ID: 320e004e84ae81c38580b6e8f2e5ad2f3fe1a03b467e69c8ab95241f1e49efdf
Opcode Fuzzy Hash: b1746a8a916bbf96797ffba89da9809a683c49b2a7b1d8f7dd6efe5c63c8eb6a
Instruction Fuzzy Hash: F441A722D2878183EB508B2099143797360FB987A4F108335E69C4BAF2DFBCA1E0A701

Function 00007FF62B66CC3C Relevance: 4.6, APIs: 3, Instructions: 94
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF62B66CE0C: __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF62B66CE20

__scrt_acquire_startup_lock.LIBCMT ref: 00007FF62B66CC60
__scrt_release_startup_lock.LIBCMT ref: 00007FF62B66CCCE
__scrt_get_show_window_mode.LIBCMT ref: 00007FF62B66CD21

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
String ID:
API String ID: 3251591375-0
Opcode ID: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
Instruction ID: 74f1399c2fc0cebce41157075c85160e9387a689c9bf33d43aa24e63dda89bba
Opcode Fuzzy Hash: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
Instruction Fuzzy Hash: AE314721E4994355FE14AB659C223B92292FF8E784F445434EA0ECB2F7DE6DB804F243

Function 00007FF62B67013C Relevance: 3.2, APIs: 2, Instructions: 177
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B670180
_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B670277

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
Instruction ID: 29c4a968f941f25f83820c9cd3f44c6cb9bf0b72a62aba59042f5c4176d1b01d
Opcode Fuzzy Hash: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
Instruction Fuzzy Hash: 3D510722B1924286EF249A659C0067A7291FF8CBB4F184734DD7D8B7F5CEBCD440B622

Function 00007FF62B67C134 Relevance: 3.0, APIs: 2, Instructions: 46
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetFilePointerEx.KERNEL32(?,?,?,?,?,00007FF62B67C2CD), ref: 00007FF62B67C180
GetLastError.KERNEL32(?,?,?,?,?,00007FF62B67C2CD), ref: 00007FF62B67C18A

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
Instruction ID: 75d9d6b910fb63102a675524f28df062235322e7c82744aa3202375215f93d71
Opcode Fuzzy Hash: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
Instruction Fuzzy Hash: 2C11C861718A8181EE208B15BC541696352FB49FF4F544331EE7D8B7F5DE7CD011A701

Function 00007FF62B67AB58 Relevance: 2.6, APIs: 2, Instructions: 59COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,00007FF62B67A9D5,?,?,00000000,00007FF62B67AA8A), ref: 00007FF62B67ABC6
GetLastError.KERNEL32(?,?,?,00007FF62B67A9D5,?,?,00000000,00007FF62B67AA8A), ref: 00007FF62B67ABD0

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: CloseErrorHandleLast
String ID:
API String ID: 918212764-0
Opcode ID: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
Instruction ID: 0c9a8d85723b52bdf62c2b5c582fa4cd20c8978e3e33d97740b0dc0c53288855
Opcode Fuzzy Hash: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
Instruction Fuzzy Hash: C5218411F1868241EE9497519C9437D1682FF8CBA0F184239DA3ECB7F1CEEDA8457702

Function 00007FF62B67BEAC Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B67BED4

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
Instruction ID: b5473ba99107420edd092bbe8432590edf9135fae3760aa77a4a60b884f77459
Opcode Fuzzy Hash: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
Instruction Fuzzy Hash: E841C63291824287EE349B19AD5017973A0FB5DB90F180131D79ECB6E5CFADE402FB52

Function 00007FF62B667F90 Relevance: 1.6, APIs: 1, Instructions: 85COMMON

Download Yara Rule

APIs

_fread_nolock.LIBCMT ref: 00007FF62B66803A

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _fread_nolock
String ID:
API String ID: 840049012-0
Opcode ID: c6682db64852707600c43fb891f4de48ebc266699440c3858ac7b9af290251f5
Instruction ID: 7075e56e5c91c4014fd889cf17a73c4aed5a9de9f5d2f2adc7b7a8eca827a300
Opcode Fuzzy Hash: c6682db64852707600c43fb891f4de48ebc266699440c3858ac7b9af290251f5
Instruction Fuzzy Hash: 43219121F1865246FE509A32AD043BAA651FF4DBD4F885831EE0D8B796CE7DF045EA02

Function 00007FF62B67B93C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B67B9C2

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 0fe3e981c7cf3185d146a9a4244026f2f164e791e6f92d2a50fd94940550a020
Instruction ID: 14e29f3c0f171d8e78773b5a9b4c32a9a3755c4c063e9039edd4222bd73ce7fc
Opcode Fuzzy Hash: 0fe3e981c7cf3185d146a9a4244026f2f164e791e6f92d2a50fd94940550a020
Instruction Fuzzy Hash: F631A022E2865285FF116B558C5037C2690FF89BA0F590235EA6D8B7F2DEFCA441B713

Function 00007FF62B675F94 Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B675EF9

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
Instruction ID: 6f4e3c665eb4618c5ce46a8004443ce27436371a7c3b1dc510dc8301e2bb6cf8
Opcode Fuzzy Hash: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
Instruction Fuzzy Hash: 00115121A2C64181FE609F119C0017DA664FF89B84F444475EA4CDFAB7CFBDD440BB42

Function 00007FF62B686354 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B686377

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
Instruction ID: 67d0af190f8c59f136381b61bc43077ea22451342349c0e9ebf8d6d0166dd5e2
Opcode Fuzzy Hash: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
Instruction Fuzzy Hash: DA219232A18A4287DF618F18D84037976A1FB89B94F245234E75DC76E9DF3CD415EB01

Function 00007FF62B6703BC Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B670410

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
Instruction ID: d814708151992613caa2736df3ae9c152a268e52538a29c74b72f8942da631d1
Opcode Fuzzy Hash: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
Instruction Fuzzy Hash: 3A01C422A1874180EE04DF629D01069B691FF89FE0F584631EE6C9BBEACEBCD411B301

Function 00007FF62B668E80 Relevance: 1.5, APIs: 1, Instructions: 19libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF62B669390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF62B6645F4,00000000,00007FF62B661985), ref: 00007FF62B6693C9

LoadLibraryExW.KERNEL32(?,00007FF62B666476,?,00007FF62B66336E), ref: 00007FF62B668EA2

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: ByteCharLibraryLoadMultiWide
String ID:
API String ID: 2592636585-0
Opcode ID: 3eee33850ff877a76f59ec51b6af72cd7d073a691558276a485592abc3036afa
Instruction ID: 5de0229fefeb25f9522274601cd98c1ca9635ff0d0dd6132f4671b2ec8ca2a49
Opcode Fuzzy Hash: 3eee33850ff877a76f59ec51b6af72cd7d073a691558276a485592abc3036afa
Instruction Fuzzy Hash: 86D08C01F2424642EE48A767BA466295251EBCDBC0F988035EE0D47BAAEC3CC0415B00

Function 00007FF62B67D5FC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,?,00007FF62B670C90,?,?,?,00007FF62B6722FA,?,?,?,?,?,00007FF62B673AE9), ref: 00007FF62B67D63A

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
Instruction ID: 581deee2dd055f28f21e480c8c653a48c6277fa0fe787b9451162b47155e82d4
Opcode Fuzzy Hash: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
Instruction Fuzzy Hash: 12F0F890F1924745FE649B715C516751290FF8D7A0F0C4B30DD2ECA6E2EEADA480B612

Non-executed Functions

Function 00007FF62B6683C0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 89fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,00007FF62B668919,00007FF62B663FA5), ref: 00007FF62B66842B
RemoveDirectoryW.KERNEL32(?,00007FF62B668919,00007FF62B663FA5), ref: 00007FF62B6684AE
DeleteFileW.KERNEL32(?,00007FF62B668919,00007FF62B663FA5), ref: 00007FF62B6684CD
FindNextFileW.KERNEL32(?,00007FF62B668919,00007FF62B663FA5), ref: 00007FF62B6684DB
FindClose.KERNEL32(?,00007FF62B668919,00007FF62B663FA5), ref: 00007FF62B6684EC
RemoveDirectoryW.KERNEL32(?,00007FF62B668919,00007FF62B663FA5), ref: 00007FF62B6684F5

Strings

%s\*, xrefs: 00007FF62B6683F2

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
String ID: %s\*
API String ID: 1057558799-766152087
Opcode ID: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
Instruction ID: ce689659db0eb86865e21bde7e795a9d4931a40b6865725ffa4b48b75606d92e
Opcode Fuzzy Hash: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
Instruction Fuzzy Hash: 8E414322A0C94385EE709B64EC442BA6360FB9D794F440232E69DC76E5EF3CE549DB42

Function 00007FF62B685C00 Relevance: 9.3, APIs: 6, Instructions: 334timeCOMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF62B685C45

Part of subcall function 00007FF62B685598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62B6855AC

Part of subcall function 00007FF62B67A948: HeapFree.KERNEL32(?,?,?,00007FF62B682D22,?,?,?,00007FF62B682D5F,?,?,00000000,00007FF62B683225,?,?,?,00007FF62B683157), ref: 00007FF62B67A95E
Part of subcall function 00007FF62B67A948: GetLastError.KERNEL32(?,?,?,00007FF62B682D22,?,?,?,00007FF62B682D5F,?,?,00000000,00007FF62B683225,?,?,?,00007FF62B683157), ref: 00007FF62B67A968

Part of subcall function 00007FF62B67A900: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF62B67A8DF,?,?,?,?,?,00007FF62B67A7CA), ref: 00007FF62B67A909
Part of subcall function 00007FF62B67A900: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF62B67A8DF,?,?,?,?,?,00007FF62B67A7CA), ref: 00007FF62B67A92E

_get_daylight.LIBCMT ref: 00007FF62B685C34

Part of subcall function 00007FF62B6855F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62B68560C

_get_daylight.LIBCMT ref: 00007FF62B685EAA
_get_daylight.LIBCMT ref: 00007FF62B685EBB
_get_daylight.LIBCMT ref: 00007FF62B685ECC
GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF62B68610C), ref: 00007FF62B685EF3

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
String ID:
API String ID: 4070488512-0
Opcode ID: 677ea417f3249c8bdb60afb6413c0575e0f743ff33606516b420b369f71394b1
Instruction ID: 8a4f94dbce7249eb9b234996a13b6003275cd1a2345c0a8df1c076c2c60f78a0
Opcode Fuzzy Hash: 677ea417f3249c8bdb60afb6413c0575e0f743ff33606516b420b369f71394b1
Instruction Fuzzy Hash: E1D1C122A1825286EF209F25DC511B96762FF8E7C4F448036EE4DC76A6DF3CE445EB42

Function 00007FF62B676290 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 494COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B6762D3
_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B6766C0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B67695C

Strings

-, xrefs: 00007FF62B676369
p, xrefs: 00007FF62B676385
:, xrefs: 00007FF62B67648C
f, xrefs: 00007FF62B6763F5
p, xrefs: 00007FF62B6763FD

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: -$:$f$p$p
API String ID: 3215553584-2013873522
Opcode ID: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
Instruction ID: 93b9b64d81ace2b10fc611903e8c7153fb686119997454faabcb6d825ea17a96
Opcode Fuzzy Hash: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
Instruction Fuzzy Hash: 1612D572E0C24386FF609E14D95427976A1FB48750FD48135E7898AAE8DFBCE580FB12

Function 00007FF62B67ED10 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,?,00007FF62B67F0AA,?,?,00000193766996E8,00007FF62B67AD53,?,?,?,00007FF62B67AC4A,?,?,?,00007FF62B675F3E), ref: 00007FF62B67EE8C
GetProcAddress.KERNEL32(?,?,?,00007FF62B67F0AA,?,?,00000193766996E8,00007FF62B67AD53,?,?,?,00007FF62B67AC4A,?,?,?,00007FF62B675F3E), ref: 00007FF62B67EE98

Strings

ext-ms-, xrefs: 00007FF62B67EDE9
api-ms-, xrefs: 00007FF62B67EDD6

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
Instruction ID: 9285874917a29f69287ffd2856eb31858cc3e961a75ba8983bb2dc6d249f8d7e
Opcode Fuzzy Hash: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
Instruction Fuzzy Hash: 3E41E021B19A0281FE15CB56AC106752299FF4DBD0F888939DD1DCFBA4EE7CE449B302

Function 00007FF62B662C50 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 104windowCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF62B663706,?,00007FF62B663804), ref: 00007FF62B662C9E
FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF62B663706,?,00007FF62B663804), ref: 00007FF62B662D63
MessageBoxW.USER32 ref: 00007FF62B662D99

Strings

Error, xrefs: 00007FF62B662D8C
<FormatMessageW failed.>, xrefs: 00007FF62B662D70
%ls: , xrefs: 00007FF62B662D22
[PYI-%d:ERROR] , xrefs: 00007FF62B662CA6

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: Message$CurrentFormatProcess
String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
API String ID: 3940978338-251083826
Opcode ID: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
Instruction ID: 3b82a6f042cb8294869c5cfefee11cd8ebf8d8861c0239fda78a6345d59fca6c
Opcode Fuzzy Hash: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
Instruction Fuzzy Hash: 7A31D832B08A4242EB209B25AC142AA6691FF8C7D8F410136EF4DD7769EF3CD55AD701

Function 00007FF62B66DCC8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FF62B66DF7A,?,?,?,00007FF62B66DC6C,?,?,?,00007FF62B66D869), ref: 00007FF62B66DD4D
GetLastError.KERNEL32(?,?,?,00007FF62B66DF7A,?,?,?,00007FF62B66DC6C,?,?,?,00007FF62B66D869), ref: 00007FF62B66DD5B
LoadLibraryExW.KERNEL32(?,?,?,00007FF62B66DF7A,?,?,?,00007FF62B66DC6C,?,?,?,00007FF62B66D869), ref: 00007FF62B66DD85
FreeLibrary.KERNEL32(?,?,?,00007FF62B66DF7A,?,?,?,00007FF62B66DC6C,?,?,?,00007FF62B66D869), ref: 00007FF62B66DDF3
GetProcAddress.KERNEL32(?,?,?,00007FF62B66DF7A,?,?,?,00007FF62B66DC6C,?,?,?,00007FF62B66D869), ref: 00007FF62B66DDFF

Strings

api-ms-, xrefs: 00007FF62B66DD6D

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
Instruction ID: 7d0e1276cc803e506061586be68658223c7d57255cdeaee01e79f270f6df4a03
Opcode Fuzzy Hash: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
Instruction Fuzzy Hash: 0A31A261B1BA4391EE12AB07AC506B52394FF4CBA4F594535DD1D8B3A0EF3CE844A302

Function 00007FF62B662A50 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 64COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF62B66351A,?,00000000,00007FF62B663F23), ref: 00007FF62B662AA0

Strings

Warning [ANSI Fallback], xrefs: 00007FF62B662B0F
[PYI-%d:%s] , xrefs: 00007FF62B662AA8
WARNING, xrefs: 00007FF62B662AAF
Warning, xrefs: 00007FF62B662B1E
0, xrefs: 00007FF62B662B16

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: CurrentProcess
String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
API String ID: 2050909247-2900015858
Opcode ID: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
Instruction ID: 7a5378d69ddca582fe2c0d392ac19065fc46f0647e75a32cf4be698629682ff1
Opcode Fuzzy Hash: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
Instruction Fuzzy Hash: D3218132A19B8292EB209B51BC817EA6394FB8C7C4F440136EE8D83669DF7CD1499741

Function 00007FF62B67B2C8 Relevance: 9.1, APIs: 6, Instructions: 57COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FF62B674F11,?,?,?,?,00007FF62B67A48A,?,?,?,?,00007FF62B67718F), ref: 00007FF62B67B2D7
FlsSetValue.KERNEL32(?,?,?,00007FF62B674F11,?,?,?,?,00007FF62B67A48A,?,?,?,?,00007FF62B67718F), ref: 00007FF62B67B30D
FlsSetValue.KERNEL32(?,?,?,00007FF62B674F11,?,?,?,?,00007FF62B67A48A,?,?,?,?,00007FF62B67718F), ref: 00007FF62B67B33A
FlsSetValue.KERNEL32(?,?,?,00007FF62B674F11,?,?,?,?,00007FF62B67A48A,?,?,?,?,00007FF62B67718F), ref: 00007FF62B67B34B
FlsSetValue.KERNEL32(?,?,?,00007FF62B674F11,?,?,?,?,00007FF62B67A48A,?,?,?,?,00007FF62B67718F), ref: 00007FF62B67B35C
SetLastError.KERNEL32(?,?,?,00007FF62B674F11,?,?,?,?,00007FF62B67A48A,?,?,?,?,00007FF62B67718F), ref: 00007FF62B67B377

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 511c86220214880ca4b01c77dd55d0a7de68e458561f726588d357ec3f22002e
Instruction ID: bb07d330185bb55ae2661bef71be276e2cb23f3f707bc2b67f95f59a793c4f8f
Opcode Fuzzy Hash: 511c86220214880ca4b01c77dd55d0a7de68e458561f726588d357ec3f22002e
Instruction Fuzzy Hash: 10113B20A0C64382FE5457615E6113D5142FF4CBB0F188735E93ECA7F6EEACA4817702

Function 00007FF62B662390 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF62B6623C8
DialogBoxIndirectParamW.USER32 ref: 00007FF62B66248E
DeleteObject.GDI32 ref: 00007FF62B6624C1
DestroyIcon.USER32 ref: 00007FF62B6624D3

Strings

Unhandled exception in script, xrefs: 00007FF62B6623F8

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
String ID: Unhandled exception in script
API String ID: 3081866767-2699770090
Opcode ID: 1a8653f9ef4157c26f2335c81c204ff7a5d47729ffdf6617f9212c2ec85f79f4
Instruction ID: 62b796f472bd4b1838b71cca523ff7f1882aedabf7982763c5116e804cb835c7
Opcode Fuzzy Hash: 1a8653f9ef4157c26f2335c81c204ff7a5d47729ffdf6617f9212c2ec85f79f4
Instruction Fuzzy Hash: 51313072A19A8289EF20DB61EC552F96360FF8D788F440135EA4D8BB6ADF7CD105D702

Function 00007FF62B662B50 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 65windowCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF62B66918F,?,00007FF62B663C55), ref: 00007FF62B662BA0
MessageBoxW.USER32 ref: 00007FF62B662C2A

Strings

WARNING, xrefs: 00007FF62B662BAF
[PYI-%d:%ls] , xrefs: 00007FF62B662BA8
Warning, xrefs: 00007FF62B662C1D

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: CurrentMessageProcess
String ID: WARNING$Warning$[PYI-%d:%ls]
API String ID: 1672936522-3797743490
Opcode ID: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
Instruction ID: 50af98dd34d4ed00bb0636848972dc207b78000ee3245f20a99da97348c54805
Opcode Fuzzy Hash: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
Instruction Fuzzy Hash: 4921D332B08B4292EB209B14F8447AA63A4FB8C7C4F444136EA8D97666DE3CD219D740

Function 00007FF62B679A88 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF62B679AAD
GetProcAddress.KERNEL32 ref: 00007FF62B679AC3
FreeLibrary.KERNEL32 ref: 00007FF62B679AEA

Strings

mscoree.dll, xrefs: 00007FF62B679AA4
CorExitProcess, xrefs: 00007FF62B679ABC

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
Instruction ID: f0e3ac722b9f1250b0a820be091e31aecc182edb650c1f6c568335dcd928489f
Opcode Fuzzy Hash: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
Instruction Fuzzy Hash: 1CF04F21A0AA0792EF108B24AC8577A6360FF4E7A1F580235D66E8A6F4DF6DD048F741

Function 00007FF62B689368 Relevance: 7.6, APIs: 5, Instructions: 56COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF62B689390
_set_statfp.LIBCMT ref: 00007FF62B6893AB
_set_statfp.LIBCMT ref: 00007FF62B6893C7
_set_statfp.LIBCMT ref: 00007FF62B689403

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
Instruction ID: a8a24c72cb1ffcfcc411efddb29d52e84f75f3b0b42f7d4b3d23676636b0dbdb
Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
Instruction Fuzzy Hash: D1114222E5CA0303FE651165EC9D3791150FF9F3E8E046634EB6ED66F68EAC68496202

Function 00007FF62B67B390 Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FF62B67A5A3,?,?,00000000,00007FF62B67A83E,?,?,?,?,?,00007FF62B67A7CA), ref: 00007FF62B67B3AF
FlsSetValue.KERNEL32(?,?,?,00007FF62B67A5A3,?,?,00000000,00007FF62B67A83E,?,?,?,?,?,00007FF62B67A7CA), ref: 00007FF62B67B3CE
FlsSetValue.KERNEL32(?,?,?,00007FF62B67A5A3,?,?,00000000,00007FF62B67A83E,?,?,?,?,?,00007FF62B67A7CA), ref: 00007FF62B67B3F6
FlsSetValue.KERNEL32(?,?,?,00007FF62B67A5A3,?,?,00000000,00007FF62B67A83E,?,?,?,?,?,00007FF62B67A7CA), ref: 00007FF62B67B407
FlsSetValue.KERNEL32(?,?,?,00007FF62B67A5A3,?,?,00000000,00007FF62B67A83E,?,?,?,?,?,00007FF62B67A7CA), ref: 00007FF62B67B418

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 6f944022d23edc1c4acf36ee41aa723466f994e0e1af3fb98e05b0010e79b0d5
Instruction ID: 8fb2c061f29df86eec99f6821a617f96b29660e27773fc6b64c170ae19dd869e
Opcode Fuzzy Hash: 6f944022d23edc1c4acf36ee41aa723466f994e0e1af3fb98e05b0010e79b0d5
Instruction Fuzzy Hash: E2116D20E0864381FE5893659E615796141FF4C7B0F588334E93DCE7FADEACA482B202

Function 00007FF62B67FBC8 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF62B67FEA7

Part of subcall function 00007FF62B677A3C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62B677A59

Strings

UTF-8, xrefs: 00007FF62B67FE26
ccs, xrefs: 00007FF62B67FDE2
UTF-16LEUNICODE, xrefs: 00007FF62B67FE45

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
Instruction ID: 712cbc89d7e88abd55efd4e4455274cd60c9db9e8f6420721d0034bb89690b83
Opcode Fuzzy Hash: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
Instruction Fuzzy Hash: 6C81BE72E092C28DFF649F298910E7926A0FB19B44F559031CA09CF2B5DFADE841B703

Function 00007FF62B66F288 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF62B66F2B0
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FF62B66F398

Strings

csm, xrefs: 00007FF62B66F3EA
csm, xrefs: 00007FF62B66F2D2

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
Instruction ID: 85b6f4a6a786cef82ac3b6554ad5aad99765af9f04af9695340defb1792a6280
Opcode Fuzzy Hash: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
Instruction Fuzzy Hash: 0E518D33A082838EEF648B22D98426C77A0FB59B84F145136DA5D87BA6CF3CE450D742

Function 00007FFDFAA1C9AC Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FFDFAA1C9D8
GetCurrentThreadId.KERNEL32 ref: 00007FFDFAA1C9E6
GetCurrentProcessId.KERNEL32 ref: 00007FFDFAA1C9F2
QueryPerformanceCounter.KERNEL32 ref: 00007FFDFAA1CA02

Memory Dump Source

Source File: 00000001.00000002.2113553922.00007FFDFA751000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFDFA750000, based on PE: true

Associated: 00000001.00000002.2113524028.00007FFDFA750000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 00000001.00000002.2113864775.00007FFDFAA1E000.00000002.00000001.01000000.0000001C.sdmpDownload File
Associated: 00000001.00000002.2113980622.00007FFDFAB6B000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 00000001.00000002.2114013731.00007FFDFAB7B000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 00000001.00000002.2114042062.00007FFDFAB81000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 00000001.00000002.2114069698.00007FFDFAB86000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 00000001.00000002.2114097987.00007FFDFAB95000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 00000001.00000002.2114127154.00007FFDFAB9C000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 00000001.00000002.2114152699.00007FFDFAB9D000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 00000001.00000002.2114176398.00007FFDFAB9E000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 00000001.00000002.2114205991.00007FFDFAB9F000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 00000001.00000002.2114236348.00007FFDFABB8000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 00000001.00000002.2114262239.00007FFDFABC7000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 00000001.00000002.2114288648.00007FFDFABD7000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 00000001.00000002.2114315333.00007FFDFABD8000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 00000001.00000002.2114341793.00007FFDFABD9000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 00000001.00000002.2114365891.00007FFDFABDA000.00000008.00000001.01000000.0000001C.sdmpDownload File
Associated: 00000001.00000002.2114389970.00007FFDFABDD000.00000004.00000001.01000000.0000001C.sdmpDownload File
Associated: 00000001.00000002.2114414597.00007FFDFABDF000.00000002.00000001.01000000.0000001C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfa750000_wp-cent.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 19a014122a8329d598b8a719417dcd6d526a9fad5fd2adc0fdb65de44e15e28a
Instruction ID: 3c021463552e2c29cdf2aeed0b2b22175376b43b19e2a3cd622a4d9650b2a7ad
Opcode Fuzzy Hash: 19a014122a8329d598b8a719417dcd6d526a9fad5fd2adc0fdb65de44e15e28a
Instruction Fuzzy Hash: 96117C36B15F029AEB40CF60E8646B833A4FB18758F440E31EA2D42BA8DF3CD159C740

Function 00007FF62B685B1C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF62B681760: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62B681793

_get_daylight.LIBCMT ref: 00007FF62B685C34
_get_daylight.LIBCMT ref: 00007FF62B685C45

Strings

?, xrefs: 00007FF62B685BC5

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID: ?
API String ID: 1286766494-1684325040
Opcode ID: 34aa9ba053483d92f686c00bb3d23c2ed0895a5cb55bf09a4ef316522e0c30cf
Instruction ID: 134e34a7a10537867fccc20dea3721f540f673748ceb9f9aed393f6e385cf290
Opcode Fuzzy Hash: 34aa9ba053483d92f686c00bb3d23c2ed0895a5cb55bf09a4ef316522e0c30cf
Instruction Fuzzy Hash: 10414912A0838242FF609B259C5137A6792FB9ABE4F144235EF5C86AF6DF3CD4459B02

Function 00007FF62B67CC38 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF62B67CD4F
GetLastError.KERNEL32 ref: 00007FF62B67CD71

Strings

U, xrefs: 00007FF62B67CCFB

Memory Dump Source

Source File: 00000001.00000002.2110162445.00007FF62B661000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62B660000, based on PE: true

Associated: 00000001.00000002.2110137767.00007FF62B660000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110251758.00007FF62B68B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B69E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110286175.00007FF62B6A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2110347423.00007FF62B6A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff62b660000_wp-cent.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
Instruction ID: 5be65dd6817b34fea274761fff89ccfe656dba581b92157d0837f1239ec307c6
Opcode Fuzzy Hash: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
Instruction Fuzzy Hash: 4741B232B19A8181EB608F25E8447AA67A1FB88784F944135EE4DC77A8EF7CD405E741

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for folders and drives shared on remote systems as a means of identifying sources of information to gather as a precursor for Collection and to identify potential systems of interest for Lateral Movement. Networks often contain shared network drives and folders that enable users to access file directories on various systems across a network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report wp-cent.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_wp-cent.exe_bc6629e2d5aa2b1cefa43aa42ca3b263bf7629_5d48ee1a_3749d6de-3c6c-41b0-9163-95175699e0dd\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC690.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC7D9.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC7F9.tmp.xml

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\MSVCP140.dll

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\MSVCP140_1.dll

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Core.dll

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5DBus.dll

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Gui.dll

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Network.dll

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Qml.dll

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5QmlModels.dll

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Quick.dll

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Svg.dll

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5WebSockets.dll

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\Qt5Widgets.dll

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\VCRUNTIME140.dll

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\VCRUNTIME140_1.dll

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\d3dcompiler_47.dll

C:\Users\user\AppData\Local\Temp\_MEI74762\PyQt5\Qt5\bin\libEGL.dll

Windows Analysis Report
wp-cent.exe